Events Related

Tools

  • OWASP Zed Attack Proxy 1.2.0 Released – vulnerabilitydatabase.com/toolswatch/2011
    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

Techniques

  • Beginning Mac Hacking – mrspeaker.net
    He was a very mystical fellow, and spoke about reverse engineering with a sense of grand importance and just a pinch of spirituality – all very enticing to a nerdy youngster like myself.
  • Waking up the Sleeping Dragon – thesauceofutterpwnage.blogspot.com
    On September 28, 2010 I notified Beijing based WellinControl Technology Development Co., Ltd and CN-CERT that one of Wellintech’s products had a very serious security vulnerability, and that if properly leveraged would allow an attacker to exploit the bug and execute arbitrary code.
  • Alexa Illustrates Web Securities Risks (part 1) – research.zscaler.com
    I recently needed to look at some Alexa data related to their tracking of the top web domains visited for a side project that I was working on.
  • Sudo -g privilege escalation (CVE-2011-0010) – blog.c22.cc
    I noticed this bug come across the wire earlier today and thought I’d take a few minutes to take a look.
  • Dumping the RMI Registry with NMAP – www.swende.se
    A while ago, I wrote an NSE script to a Java RMI Registry and dump out information about the objects in the registry. This is a blog post to shed some light on NSE development in general and that script in particular.
  • Continuous Web Application Security Scanning With Netsparker and TeamCity – troyhunt.com
    One of the problems with software security is that it’s easy for it to appear a bit like black magic, or at least like an entirely foreign industry to software development.
  • HeapLocker: NOP Sled Detector – blog.didierstevens.com
    When you enable NOP sled monitoring, HeapLocker will create a new thread to periodically check (every second) newly committed virtual pages that are readable and writable.

Vendor/Software Patches

Other News

  • Exploit Packs Run On Java Juice – krebsonsecurity.com
    Today, I’ll highlight a few more recent examples of this with brand new exploit kits on the market, and explain why even fully-patched Java installations are fast becoming major enablers of browser-based malware attacks.
  • The Application Security Spending Conundrum – jeremiahgrossman.blogspot.com
    To obtain a quote, the online insurer asked my age, where I lived, how much I drive and where, the year, make, and model of my cars, about my driving record, and how much coverage I wanted.