We Need Better Web Tools

Oh yes, we certainly do! And let me tell you something: they ain’t going to be quite the same thing as what we are used to.

Back in the days all you needed was a poxy, a dummy scanner/spider just to lift of your back some of the repetitive and boring things, and your brain. You are pretty much settled. Today, you need to do things beyond that. Web technologies are just starting to show their ugly face and we are here to see/experience them for the first time. [...]

more | comments | comments rss | posted by

Reviewing Practical PHP Exploitation Techniques

The OWASP London Chapter last night (03/Apr/08) was excellent. Thanks to everyone involved for a top night!

For those who didn’t attend, Rodrigo Marcos discussed his research on hacking PHP sockets for fun and profit. I found the concept very interesting. He discussed hacking PHP sockets; however, the techniques he discusses could be used as an application reverse proxy, although, scalability and stability could be a problem. [...]

more | comments | comments rss | posted by

Atom Database

The purpose of this project is to collect useful attack snippets (atoms) which can be employed when performing WEB Application Security testing. Atom submissions must follow certain format which is:

Atom name – It must be enclosed inside <h3>[atom name here]</h3> tags.
Atom description – It must start on a new paragraph.
Atom code – It must be enclosed inside <pre><code>[atom code here]</code></pre> tags. [...]

more | comments | comments rss | posted by