Web Security
Page 3 of 41234

Sep 5th, 2005

Comments: 0
Category: Web Security
Read More

Cool overview of XSS attacks

Commonly Asked Cross-Site Scripting Questions | SecGuru There’s a good guide to how Cross site Scripting attacks occur and some of the ways to defend against them over at secguru. One thing I’d add, is that if you’re working in a Microsoft world, using ASP.NET is a very good idea as the default config. seems […]

Aug 31st, 2005

Category: Web Security
Read More

The eternal tradeoff… performance annd security

SSL > Banks Abandoning SSL On Home Page Log-Ins > August 23, 2005″ href=”http://www.informationweek.com/story/showArticle.jhtml?articleID=169600305″>InformationWeek > SSL > Banks Abandoning SSL On Home Page Log-Ins > August 23, 2005 Interesting story noting that some big financial players in the US are changing their banking login pages from SSL for the whole page, to just creating an […]

Apr 20th, 2005

Comments: 0
Category: Web Security
Read More

sql injection resources

ok recently I’ve been using SQL injection in some Penetration testing work I’ve been doing, so I thought it would be worth getting together all the links/White Papers I’ve been using/found useful. Start off with two papers, which are more advanced but which have been the most useful one’s I’ve found in the sense of […]

Mar 20th, 2005

Comments: 0
Category: Web Security
Read More

Here’s a service to avoid.

Scams, Frauds & Viruses On this page there’s a write-up of a service called MarketScore which tracks your movements on the Internet by becoming an Internet proxy for your browser, if you sign up to it. Now that’s maybe something you wouldn’t want, but there’s more. As part of the installation they install their own […]

Mar 14th, 2005

Comments: 0
Category: Web Security
Read More

Spyware attacks on alternate browsers

Slashdot | IE Vulnerable to Cross-Browser Spyware Attack Looks like as alternate browsers get more popular, we’ll start seeing more attacks levelled at them, although there is some irony that this one uses Internet Explorer to actually effect the compromise.

Mar 14th, 2005

Category: Web Security
Read More

The web is not a safe place to be these days!

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System – Current Infosec News and Analysis Interesting to see new categories of attacks gaining in popularity, as highlighted in this handlers’ diary entry. Adding malicious content to hosted websites is a handy way for malware authors to ensure that their code will […]

Dec 28th, 2004

Comments: 0
Category: Web Security
Read More

An object lesson in the importance of maintaining domain names

Over at cryptome.org there’s a page – British Military Intelligence Website Hijacked Looks like the MOD forgot or didn’t want to renew the DNS for intelligencecorps.co.uk! As a result someone in the US (cryptome say that it’s a former british agent, not sure where that info. comes from) has registered the domain, and will be […]

Dec 18th, 2004

Comments: 0
Category: Web Security
Read More

Very nasty vulnerability in IE

Massive IE phishing exploit discovered – ZDNet UK News Well if anyone needed another reason to avoid using Internet Explorer, I think that this vulnerability provides it. If you have a look at the demonstration at secunia you get a very scary (if you’re responsible for the security of an e-commerce site) demonstration. As far […]