Events Related:


  • Review: Advanced Penetration Testing (APT) –
    This year I had the opportunity to take a few stellar instructor-led training courses, one of which was Joe McCray’s “Advanced Penetration Testing: Pentesting High Security Environments” course from his training entity LearnSecurityOnline.
  • Marcell published “Writing your own password cracker” presentation –
    Marcell describes different ways to achieve this goal, e.g. source code analysis, debugging or reverse engineering.
  • Website Security Statistics Report (2010) – Industry Benchmarks –
    “How are we doing?” That’s the question on the mind of many executives and security practitioners whether they have recently implemented an application security program, or already have a well-established plan in place.
  • How to View a Report in WACA? –
    Web Application Configuration Analyzer v1.0 is the latest tool released by our team that scans a machine for deployment best practices.
  • How to Scan a Server using WACA? –
    The tool will perform prerequisite scanning first to determine server existence, administrative access, IIS and SQL versions and remote services availability.
  • Beyond Nmap: Other network scanners –
    This is a presentation I did for the Bluegrass ISSA chapter. Tools covered, at least lightly, are: Nmap, Hping, UnicornScan, AutoScan, Netscan, Metasploit, NetworkMiner and of course BackTrack 4 R1.
  • DOM Hacking – Paper and Tools –
    DOM Hacking was presented at BlackHat and will be presented at the next HackInTheBox.


  • Websecurify 0.8 Alpha 1 –
    Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
  • Dom Xss Test Cases Wiki Project –
    Dom Xss Test Cases Wiki is a KB for defining sources of attacker controlled inputs and sinks which potentially could introduce DOM Based Xss issues.
  • Havij – Advanced Automated SQL Injection Tool –
    Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
  • Web Application Configuration Analyzer v1.0 RTW is live! –
    Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers.
  • TA-Mapper: Application Penetration Testing Effort Estimator –
    Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications.
  • skipfish 1.67b –
    A fully automated, active web application security reconnaissance tool.
  • Ethical Hacking ASP.NET –
    The v. contains minor fixes and enhancements to the Padding Oracle test.
  • CERT Basic Fuzzing Framework Update –
    The BFF is a framework to perform file mutation fuzzing for Linux applications.
  • Samurai WTF 0.9 BruCON pre-release –
    Justin Searle was so kind to release the latest version of Samurai Webapplication Testing Framework made for the BruCON workshops.
  • PyLoris 3.2 –
    PyLoris is a scriptable tool for testing a server’s vulnerability to connection exhaustion denial of service (DoS) attacks.



Vendor/Software Patches:

Other News:
