  • Website Updates

    I've added a bunch of papers to The Library section; be sure to check them out!

  • Paros v3.1.3 Released

    "Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows users to intercept, modify and debug HTTP and HTTPS data on-the-fly between web server and client browser. It also supports client-certificate, proxy-chaining, filtering and various vulnerability scanning." – Paros [New features] " – Allow to run the scanner on a particular request shown in…

  • Web Application Security Consortium (WASC) releases ‘Threat Classifications’ document

    WASC has released a web security 'Threat Classifications' document that attempts to help clarify some of the terms used in web security (such as XSS, session fixation, insufficient authorization, etc.). Additional information can be found at the link below. http://www.webappsec.org/threat.html

  • PHP 4.3.8 released to address security issues

    PHP 4.3.8 and 5.0.0RC3 were released today to address a few security problems. Users running older versions are urged to upgrade (bla bla bla). PHP Download Page PHP Changelog

  • IIS 4.0 Buffer overflow discovered and other Microsoft patches

    Microsoft has released 7 different advisories today. One of the vulnerabilities disclosed was a remote overflow in IIS 4.0.

  • Web Application Security Consortium group formed

    A new web security group called The Web Application Security Consortium announced itself today. This group will release documents and form projects to help address some of the issues in web security. The first release by this group is the "Web Security Glossary", an index of all common terminology involving web application security. " The…

  • Free Web Services Security Tool

    I found a free tool by Vordel that is very useful for people who plan on auditing their web services for security vulnerabilities called "Vordel SOAPbox" (Registration required). http://www.vordel.com/soapbox/index.html http://www.vordel.com/soapbox/more.html

  • New Approach to .NET obfuscation

    I found an interesting article on Slashdot talking about a new technology that will further lock down .NET applications. From this initial article this looks like a promising new technology. "One area of research is called "Program State Code Protection," or PSCP, which means changing the code AS IT RUNS to make it harder for a…