Web Security

Oct 5th, 2006


Really interesting study on the prevalence of SQL injection

Michael Sutton’s Blog: How Prevalent Are SQL Injection Vulnerabilities? Really interesting study showing that of a sample population of web apps live on the Internet, 11.3% had SQL injection vulnerabilities. I also thought it was very interesting to see how a combination of the Google API and some relatively simple coding can be turned into […]

Sep 26th, 2006


XSRF example

Google Cross-site Request Forgery Cross Site Request Forgery is one of those vulnerability classes that can be a bit tricky to explain, so it’s always nice to find a decent live example. This one’s pretty harmless, just changes your Google language preferences, but I reckon that we’ll see a real growth in this kind of […]

Aug 30th, 2006


whups sounds like someone forgot to get a Pen.Test done

O2 closes call records site after security flap | The Register Whenever I read this kind of story it makes me reckon that the victims probably hadn’t had a recent Pen. test done, and the kind of URL manipulation described would likely have been picked up by most testers. However, kudos to O2 for admitting […]

Aug 30th, 2006


Good post on the dangers of XSS

TaoSecurity: Why 0wn When You Can XSS I’ve come across a lot of postings where people doubt the impact of XSS; this post is a good example of why it can be pretty serious. Replacing content on trusted news sites is an interesting attack which could be leveraged in a number of ways (pump-dump stock […]

Jun 21st, 2006


Sometimes doing the right thing is wrong

iKu Systemhaus AG – Sicherheit Advisory about a new(?) character encoding issue. The problem for Internet Explorer appears to be that they handle the encoding correctly but that A-V/filtering systems may not, essentially obfuscating attacks on the browser….

Jan 20th, 2006


Web 2.0

The Best Web 2.0 Software of 2005 (web2.wsj2.com) Some interesting information on Web 2.0 sites.