HconSTF is an Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessment. It contains webtools which are capable of carrying out XSS attacks, SQL Injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It could prove useful to anybody interested […]
sql
login (security through obscurity) – weird PHP script
[ad] This was the idea with which I have won the regional web apps contest… well actually I did a CMS but the security part of it was the most appreciated. Maybe because it was weird, you’ll see… Classical Login scripts What exactly do classical login scripts do… they get the password from the database […]
CLR and SQL Server 2005
[ad] Microsoft has taken a bit of a leap with the integration of .net into SQL Server, and a lot of developers(Myself included) are worrying about what security implications this could have. DevX.com have taken an in-depth look into the guts of it, and spilled them onto a page for us all to look at. […]
My SQL2005 Diary – Part 2
[ad] So over a month down the line, our SQL2005 upgrade project should now be in the workable prototype stage. But as with all things that “should” be(More security in IE, Great Britain ruling the world and my kitchen being fitted), it’s not, it’s not even close. On top of this our company is currently […]
bsqlbf 1.1 – Blind SQL Injection Tool
bsqlbf is a tool for Blind SQL Injection attacks, a pretty nifty one too! The author says there are similar tools about, but he’s tried to combine all the techniques into one compact but complete tool. # CHANGELOG: # -get now support resume (with -start option) # -get to fetch files (thank you ilo AGAIN) […]