Sponsorised links
This year
2008
Main - browsersec - Google Code - Browser Security Handbook landing page
by karlcow
& 4 others
This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.
Adobe - Security Advisories : APSB08-18: Flash Player update available to address security vulnerabilities
by marco
(via)
Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.12.
PSI - Personal Software Inspector - Secunia
by cascamorto
& 1 other
The Secunia PSI is the FREE security tool that is designed with the sole purpose of helping you secure your computer from software vulnerabilities. Software vulnerabilities affect all applications installed on your computer, from the Operating System down to your email client, office application, instant messaging, and so on.
#7157 (Disable APP and XMLRPC publishing by default) - WordPress Trac - Trac
by znarf
3 comments
(via)
In order to protect the majority of blogs which don't use these protocols against any possible security vulnerabilities we should disable them by default.
Les mecs confiants dans la sécurité de leur produit ...
Finding SQL Injection with Scrawlr - The HP Security Laboratory
by parmentierf
& 1 other
(via)
Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.
Rational AppScan Standard Ed. V7.7 Trial
by BlueVoodoo
Download a free trial of IBM Rational AppScan Standard Edition V7.7, previously known as Watchfire AppScan, a leading Web application security testing tool that automates vulnerability assessments and scans and tests for all common Web application vulnerabilities including SQL-injection, cross-site scripting and buffer overflow.
Introduction To PHP Security Vulnerabilities
by artiscode
& 2 others
PHP Coding Practices - Become an expert PHP Programmer
Sponsorised links
2007
wordpress security scanner
by rike_
Privacy Statement: The WordPress Online Scanner will collect information about potential vulnerabilities found on your blog during the scanning process. The information will be displayed to yourself and stored by the BlogSecurity team for statistical purposes and further research. This information includes, your blog name, template, plugins, vulnerabilities and any other test conducted by our tool. Your blog name and URL will not be made public, and is only stored to track abuse.
Top 10 Application Security Vulnerabilities in Web.config File
by ms_michel
This article lists five of the "worst offenders" of misconfigurations of application security that are universally problematic for all ASP.NET Web-based applications. Part two of this article will list an additional five misconfigurations that are specifically applicable to ASP.NET sites that use Web Forms authentication
Chris Shiflett: CSRF Redirector
by mbertier
& 1 other
It's a simple tool that makes it easy to test CSRF using POST, hopefully demonstrating how prevalent CSRF vulnerabilities are as well as reducing the misconception that forging a POST request is complicated.
Man-in-the-middle - Vulnerabilities in SSH/Public Key
by rike_
This project is devoted to demonstrating a weakness in public key encryption to an active sniffer in the form of a man-in-the-middle style attack, which essentially "taps" the connection of a machine and allows the attacker to view the contents of future encrypted sessions.
Zero Day Initiative
by rike_
The Zero Day Initiative (ZDI), founded by TippingPoint, a division of 3Com, represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. The program's goal is threefold:
1. reward independent security research
2. promote and ensure the responsible disclosure of vulnerabilities
3. provide 3Com's TippingPoint division customers with the world's best security protection
Robot 'guard dog' protects Wi-Fi setups | CNET News.com
by lukeslytalker
LAS VEGAS--A strange two-wheeled creature was skimming through the halls of the Alexis Park Hotel on Sunday--a robot that sniffs out network vulnerabilities.
Introduction To PHP Security Vulnerabilities
by chantal
& 2 others
PHP Coding Practices - Become an expert PHP Programmer
How To Break Web Software - A look at security vulnerabilities in web software - Google Video
by Rik
(via)
Google engEDU
1 h 14 mn
NETwork Security Consortium
by jdrsantos
& 2 others
Pentoo is a penetration testing LiveCD distribution based on Gentoo. It features a lot of tools for auditing and testing a network, from scanning and discovering to exploiting vulnerabilities.
Sandcat Web Application Security
by lecyborg
Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization's web server to isolate vulnerabilities and identify security holes.
The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.
