Tags: websec + security

Sort by: Date / Title / URL

  1. Fuzzing and Sqlmap inside CSRF-protected locations
  2. Developer guide to avoid XSS code
  3. PHP security checklist
  4. Beyond XSS (Cross Site Scripting) Cheat Sheet
  5. Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
  6. 24-06-2010 to , , by shampoo and -1 others
  7. Online security check for outdated browser plug-ins
    01-06-2010 to , , , by shampoo and -1 others
  8. Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
  9. Yesterday, I received a post in the Pen-Test mailing list requesting for tips/resources on penetration testing of flash applications.  While there are some tools and white papers available, I could not find many authoritative resources which wraps the entire spectrum of flash security testing of RIA applications.  So here is an endeavor to detail out the steps of testing.  I will keep this post only to outline the essential steps or points.  Please feel free to recommend additional inclusion of tools and techniques.  The idea is to come up with a comprehensive paper which can be used by pen-testers to test flash based Rich Internet Applications (RIA).
  10. Chris Evans on using HTML forms to create cross-domain XML payloads. Some restrictions apply.

First / Previous / Next / Last / Page 1 of 6