Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
Online security check for outdated browser plug-ins
Yesterday, I received a post in the Pen-Test mailing list requesting for tips/resources on penetration testing of flash applications.  While there are some tools and white papers available, I could not find many authoritative resources which wraps the entire spectrum of flash security testing of RIA applications. So here is an endeavor to detail out the steps of testing.  I will keep this post only to outline the essential steps or points.  Please feel free to recommend additional inclusion of tools and techniques.  The idea is to come up with a comprehensive paper which can be used by pen-testers to test flash based Rich Internet Applications (RIA).
Chris Evans on using HTML forms to create cross-domain XML payloads. Some restrictions apply.
Intranets are intended to be secured from the outside by way of firewalls and other networking devices. Unfortunately, there has been a move towards non-routable address space as a method of protection, rather than other methods of protecting private IP space. This paper will outline a number of flaws that can be exploited by an adversary because of the use of well known non-routable IP address spaces.
Proposals for modifications to OAuth so that I will work better outside of the web browser.
The idea behind the Application Boundaries Enforcer (ABE) module is hardening the web application oriented protections already provided by NoScript, by developing a firewall-like component running inside the browser.
Wiki on Flash Security (maintained by fukami)
