HttpBee is a swiss-army-knife tool for web application hacking. It is multi-threaded, embedded with scriptable engine and has both command-line and daemon mode (if executed in daemon mode, HttpBee can become an agent of a distributed framework). This is a tool for more advanced users and there isn’t much documentation so if anyone feels like […]
web-security
Common Criteria Web Application Security Scoring (CCWAPSS) Released
[ad] The purpose of the scoring scale CCWAPSS is to share a common evaluation method for web application security assessments/pentests between security auditors and final customers. This scale does not aim at replacing other evaluation standards but suggests a simple way of evaluating the security level of a web application. CCWAPSS is focused on rating […]
Major Web Vulnerability Effects Yahoo, MSN, Google and More
[ad] I’ve seen this from quite a few sources so it seems it’s fairly legitimate, it seems all major websites have some flaws in the way they implement cookies meaning they are vulnerable to certain types of attack. The only current solution seems to be using full time SSL or https connections full-time, if any […]
Microsoft UK Defaced by Saudi Hackers
[ad] A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes. This was less than a month after Technet got owned. I don’t think they are ever […]
sqlget v1.0.0 – Blind SQL Injection Tool in PERL
sqlget is a blind SQL injection tool developed in Perl, it lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file. Databases supported: IBM DB2 Microsoft SQL Server Oracle Postgres Mysql […]