Security Blog » Web Hacking http://www.insecure.ro It's all about Security - Security Blog - Mon, 24 May 2010 08:30:50 +0000 en hourly 1 http://wordpress.org/?v=3.0 Web Warriors (CBC/HDTV) http://www.insecure.ro/news/web-warriors-cbchdtv/ http://www.insecure.ro/news/web-warriors-cbchdtv/#comments Mon, 24 May 2010 08:29:44 +0000 inSecure http://www.insecure.ro/?p=336 Salut, am gasit un filmulet interesant pe internet. Are aproape 40 de minute, si zic eu ca merita.

Vizionare Placuta!

]]> http://www.insecure.ro/news/web-warriors-cbchdtv/feed/ 0 Jarlsberg – Web Application Exploits and Defenses http://www.insecure.ro/news/jarlsberg-web-application-exploits-and-defenses/ http://www.insecure.ro/news/jarlsberg-web-application-exploits-and-defenses/#comments Sun, 09 May 2010 21:05:55 +0000 inSecure http://www.insecure.ro/?p=329 Jarlsber

A aparut un nou tool, creat chiar de ‘marele’ Google.
Ce ofera acest tool?!

Learn how hackers find security vulnerabilities!
Learn how hackers exploit web applications!
Learn how to stop them!

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:

How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

O sa il incerc si eu, dupa licenta, ca deocamdata nu am timp. Daca ati reusit sa il testati voi, va rog dati-va cu parerea, sa stiu daca merita sa il incerc.
Apropo, NU sunt fan Google.

Website: http://jarlsberg.appspot.com/
Download: http://jarlsberg.appspot.com/jarlsberg-code.zip

]]> http://www.insecure.ro/news/jarlsberg-web-application-exploits-and-defenses/feed/ 2 Hacking Video – Series – 6 http://www.insecure.ro/social-engineering/hacking-video-%e2%80%93-series-%e2%80%93-5-2/ http://www.insecure.ro/social-engineering/hacking-video-%e2%80%93-series-%e2%80%93-5-2/#comments Mon, 04 Jan 2010 15:53:13 +0000 inSecure http://www.insecure.ro/?p=306

]]> http://www.insecure.ro/social-engineering/hacking-video-%e2%80%93-series-%e2%80%93-5-2/feed/ 2 Hacking Video – Series – 2 http://www.insecure.ro/windows-hacking/hacking-video-series-2/ http://www.insecure.ro/windows-hacking/hacking-video-series-2/#comments Sun, 03 Jan 2010 11:36:03 +0000 inSecure http://www.insecure.ro/?p=294 Partea a 2-a din Seria “Hacking Videos” de la Hcommerce.

]]> http://www.insecure.ro/windows-hacking/hacking-video-series-2/feed/ 0 Websecurify – Web Security Testing Framework http://www.insecure.ro/windows-hacking/websecurify-%e2%80%93-web-security-testing-framework/ http://www.insecure.ro/windows-hacking/websecurify-%e2%80%93-web-security-testing-framework/#comments Thu, 24 Sep 2009 10:55:03 +0000 inSecure http://www.insecure.ro/?p=204 Websecurify – Web Security Testing Framework

Ce este Websecurify?

Websecurify este o initiativa de auditare a aplicatiilor web. Acest tool poate fi folosit atat pentru ataca cat si audita o aplicatie web.
Este compatibil atat cu Windows si Linux cat si MAC!(printre primele ce functioneaza si pe Mac).

Cum functioneaza?

JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers.
Multiple Environments – The core technology can run in normal browsers, xulrunner, xpcshell (command line), inside Java or as part of a custom V8 (Chrome’s JavaScript Engine) build. The core is written with extensibility in mind so that more environments can be supported without changing even a single line of code.
Multi-platform – The tool is available and successfully runs on Windows, Mac OS, Linux and other operating systems.
Automatic Updates – Every single piece of the tool is subjected to automatic updates. This means that newer and more advanced versions of the tool can be shipped to your front door without you lifting your finger. This however is completely optional. The automatic update can be turned off if needed.
Extensions – Because the tool comes wrapped in xulrunner by default (keep in mind that we can support any other JavaScript environment) we benefit from all cool features that Firefox has, such as extensions. Extensions are easy to write and maintain and can customize every single aspect of the tool and there are already tones of resources and documentation, including books and what not, out there to teach you exactly how to do that. We will be providing documentation as well.

Download:
Windows – Websecurify 0.3.exe
Linux – Websecurify 0.3.tgz
Mac – Websecurify 0.3.dmg

]]> http://www.insecure.ro/windows-hacking/websecurify-%e2%80%93-web-security-testing-framework/feed/ 2 SWFScan – Flash Scanner http://www.insecure.ro/hacking-tools/swfscan-%e2%80%93-flash-scanner/ http://www.insecure.ro/hacking-tools/swfscan-%e2%80%93-flash-scanner/#comments Wed, 23 Sep 2009 10:34:28 +0000 inSecure http://www.insecure.ro/?p=202 HP SWFScan este un tool gratuit produs de cei de la HP Web Security Research Group, ce gaseste vulnerabilitati in aplicatii Flash.

Cum functioneaza?
Pai aceastea aplicatie decompileza apicatiile facute pe platforma Adobe Falsh, si extrage codul ActionScript si apoi analizeaza codul, cautand bug-uri.

Pe scurt, el face audit aplicatiilor fara a avea nevoie de codul sursa.
Download here:
SwfScan.msi

]]> http://www.insecure.ro/hacking-tools/swfscan-%e2%80%93-flash-scanner/feed/ 2