Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
Browserscope is a community-driven project for profiling web browsers. The goals are to foster innovation by tracking browser functionality and to be a resource for web developers.
Die PrivacyBox soll in erster Linie für Journalisten, Blogger und andere Publizierende eine sichere und bei Bedarf auch anonyme Kontaktmöglichkeit anbieten. Die PrivacyBox kann ein sicheres Kontaktformular für Websites oder Blogs bereitstellen, die Kontaktadresse kann die Visitenkarte von Journalisten zieren.... Sie steht allen Interessierten offen.
JavaScript Blacklist is a simple extension for Safari 5 which blacklists scripts from a configurable list of domains. If a common "utility" script used by sites that you visit is annoying you, this will let you opt out quickly and easily.
Anhand von Metasploit und dem Gnu Debugger gdb zeigt Paul Harrington, wie er unter Mac OS X einem Buffer Overflow in der Webcam-Server-Software Evocam auf die Schliche kommt und einen Exploit zum Einschleusen von Code entwickelt. Dabei zeigt er wie man den Code anpasst, um die richtigen Register und Teile des Speichers zu überschreiben. Harrington zeigt auch, wie man trotz Apples Library-Randomisation-Schutz vor Angriffen Systemfunktionen aufrufen kann
Online security check for outdated browser plug-ins
"A fully automated, active web application security reconnaissance tool."
In short words jCryption is a javascript HTML-Form encryption plugin, which encrypts the POST/GET-Data that will be sent when you submit a form. It uses the Multiple-precision and Barrett modular reduction libraries for the calculations and jQuery for the rest. jCryption is completly free and dual licensed under the MIT and GPL licenses like jQuery.
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Yesterday, I received a post in the Pen-Test mailing list requesting for tips/resources on penetration testing of flash applications. While there are some tools and white papers available, I could not find many authoritative resources which wraps the entire spectrum of flash security testing of RIA applications. So here is an endeavor to detail out the steps of testing. I will keep this post only to outline the essential steps or points. Please feel free to recommend additional inclusion of tools and techniques. The idea is to come up with a comprehensive paper which can be used by pen-testers to test flash based Rich Internet Applications (RIA).
Chris Evans on using HTML forms to create cross-domain XML payloads. Some restrictions apply.
Wissenschaftler haben eine 768 Bit lange Zahl mit 232 Dezimalstellen in ihre beiden Primfaktoren zerlegt.
sleuthkit.org is the official web site for The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows and Unix systems (such as Linux, OS X, Cygwin, FreeBSD, OpenBSD, and Solaris). They can be used to analyze NTFS, FAT, Ext2, Ext3, UFS1, and UFS2 file systems and several volume system types.
Multifox is an extension that allows Firefox to connect to websites using different user names. Simultaneously! For example, if you have multiple Gmail accounts, you can open them all at the same time. Each Firefox window, managed by Multifox, accesses an account without interfering each other.
