Events Related:

Resources:

Tools:

  • Fuzzdb – code.google.com/p/fuzzdb/
    A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.
  • ReFrameworker v1.1 – appsec.co.il
    ReFrameworker performs the required steps of runtime manipulation by tampering with the binaries containing the framework’s classes.
  • Sandcat v4.0 – syhunt.com
    Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes.
  • OWASP Code review Guide v2.7 – codecrawler.codeplex.com
    A tool aimed at assisting code review practitioners.
  • OpenSCAP v0.5.9 – open-scap.org
    It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP.
  • Xplico v0.5.6 – xplico.org
    Xplico is an open source Network Forensic Analysis Tool (NFAT).
  • Security Ninja security tool, more than a sneak preview! – securityninja.co.uk
    This idea was inspired by the Application Security Portfolios blog post that Nick Coblentz published in 2009.
  • Blazentoo – gdssecurity.com
    Blazentoo is an Adobe AIR application that can be used to exploit insecure Adobe BlazeDS and LiveCycle Data Services ES servers.
  • Skipfish v1.33B – skipfish.googlecode.com
    Skipfish is an active web application security reconnaissance tool.
  • SIP Inspector – sites.google.com/site/sipinspectorsite/
    SIP Inspector is a tool written in JAVA to simulate different SIP messages and scenarios.
  • Aircrack-ng v1.1 – aircrack-ng.org
    It implements the standard FMS attack along with some optimizations like KoreK attacks.

Techniques:

Vulnerabilities:

Vendor/Software Patches:

  • PayPal Patches Critical Security Vulnerabilities – darknet.org.uk
    A security researcher has uncovered multiple vulnerabilities affecting PayPal, the most critical of which could have enabled attackers to access PayPal’s business and premier reports back-end system.

Other News: