Andres Andreu writes "WSFuzzer version 1.5 has been released. It is a pen testing tool that audits HTTP-based SOAP targets. Details are available at http://www.neurofuzz.com/modules/software/wsfuzzer.php"
Not All Banks Requiring SSL
According to a news entry on DShield, some banks aren't requiring SSL for their login pages and, worse, aren't submitting the login credentials over SSL at all, so the username and password cross the network in the clear. The findings can be found below. Research Finding Link: https://www.securewebbank.com/loginssluse.html
Web App Vulnerabilities Are Getting More Attention
InformationWeek has written an article entitled "Web App Vulnerabilities Are Getting More Attention; Now's The Time For IT To Get Defensive". "Attacks designed to bring down networks are largely under control, even though companies still spend plenty of time defending against them. The latest addition to IT teams' worry lists: keeping...
Web App Hack Incidents Are Up As Businesses Take Cover
"Web site hacks are on the rise and pose a greater threat than the broad-based network attacks that have been giving IT departments fits. Whereas attacks against networks disrupt Internet service and negatively impact companies trying to do business over the Web or private networks, attacks against Web applications threaten to steal...
Paros 3.2.10 released
A new version of Paros Proxy has been released. "We wrote a program called "Paros" for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies...
WASC Beerfest in Silicon Valley
Jeremiah Grossman sent this out to the web security mailing list today. "Normally we hold WASC Meet-Ups during large conferences (RSA/ BlackHat) where a lot of web application security people are at the same place at the same time. Around the S.F. Bay Area there's enough webappsec people that we no longer...
HttpSecureCookie, A Way to Encrypt Cookies with ASP.NET 2.0
"I really have some good laughs when I tamper with cookies on my machine and watch the results when it is submitted back to the site. On the other hand, I don't want any one to do the same to the cookies that I make! Cookies, most of the time, shouldn't be...
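The tampering the post describes works because a plain cookie such as role=user is just client-controlled text. The following is an added example in Python, not the HttpSecureCookie code or ASP.NET's own mechanism: it shows the integrity half of the problem, an HMAC-SHA256 tag over the cookie body plus an expiry, so that an edited body, a reused tag or a stale cookie is rejected on the way back in. It does not encrypt the body (the post's title also promises confidentiality, which needs a cipher); the server key and payloads are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed server-side key for the example only; a real deployment loads a
# random 32-byte key from configuration and never checks it into source.
SERVER_KEY = bytes.fromhex("0f" * 32)


def _b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(enc: bytes) -> bytes:
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


def seal(payload: dict, key: bytes, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Serialize payload with an expiry and append an HMAC-SHA256 tag: body.tag"""
    now = time.time() if now is None else now
    body = dict(payload, exp=int(now) + ttl)
    enc = _b64e(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())
    tag = hmac.new(key, enc, hashlib.sha256).digest()
    return (enc + b"." + _b64e(tag)).decode("ascii")


def unseal(cookie: str, key: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the payload if the tag verifies and it has not expired, else None."""
    now = time.time() if now is None else now
    try:
        enc, tag_enc = cookie.encode("ascii").rsplit(b".", 1)
        tag = _b64d(tag_enc)
    except (ValueError, UnicodeEncodeError, binascii.Error):
        return None  # malformed: no separator, bad base64, non-ASCII
    expected = hmac.new(key, enc, hashlib.sha256).digest()
    # Constant-time compare so response timing does not leak matching tag bytes.
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        body = json.loads(_b64d(enc))
    except (ValueError, binascii.Error):
        return None
    if not isinstance(body, dict) or body.get("exp", 0) <= now:
        return None  # expired or not the shape we issued
    return body


def forge(cookie: str, new_payload: dict) -> str:
    """What a client-side tamperer does: replace the body, keep the old tag."""
    _, tag_enc = cookie.split(".", 1)
    enc = _b64e(json.dumps(new_payload, sort_keys=True, separators=(",", ":")).encode())
    return (enc + b"." + tag_enc.encode("ascii")).decode("ascii")


if __name__ == "__main__":
    issued = seal({"uid": 42, "role": "user"}, SERVER_KEY, ttl=60, now=1000.0)
    print("valid:   ", unseal(issued, SERVER_KEY, now=1030.0))
    tampered = forge(issued, {"uid": 42, "role": "admin", "exp": 1060})
    print("tampered:", unseal(tampered, SERVER_KEY, now=1030.0))
```

The tag covers the encoded body exactly as sent, and the expiry lives inside the signed body, so neither the role nor the lifetime can be edited without invalidating the tag; a key rotation invalidates every outstanding cookie, which is usually the intended behaviour.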
New Open Source Web Application Scanner Released (Oedipus)
800m800m writes "Oedipus is an open source web application security analysis and testing suite written in Ruby by Penetration Testers for Penetration Testers. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web...
ALERT: Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability Discovered
CERT has issued a warning against a new web-based threat entitled a "Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability". According to DShield founder Johannes Ullrich, "If on April 1st you have specific non default settings in Internet Explorer, visit a series of 4 specific websites in order...