[ad] Ah at last a good solid collaborative effort to identify and categorise software vulnerabilities with a solid taxonomy and good organisation! It seems very well written too in terms that anyone familiar with software development or programming can understand. Fortify Software, which identifies and remediates software vulnerabilities, has contributed its collection of 115 types […]
web-application-security
Wapiti – Web Application Scanner / Black-box testing
[ad] Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a […]
SpikeSource Spike PHP Security Audit Tool
Spike is an Open Source tool based on the popular RATS C based auditing tool implemented for PHP. The tool Spike basically does static analysis of php code for security exploits, PHP5 and call-time pass-by-reference are currently required, but a PHP4 version is coming out this week. This tool is especially welcomed by Darknet as […]
WordPress 2.0.4 Released – Fixes Security Issues
[ad] Just to let you all know, if you are using WordPress you can upgrade today. The latest stable release of WordPress (Version 2.0.4) is available. his release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty […]
Netscape.com HACKED With Cross Site Scripting (XSS) Vulnerability
[ad] Netscape.com has been hacked via a persistent Cross Site Scripting (XSS) vulnerability in their newly launched Digg-like news service. It seems the attacker did report the flaw to them repeatedly but they didn’t heed and ignored it, so he performed the XSS all over the site. eplawless stated the following: It was me. I […]