In 2010 I wrote an article about a flaw Google discovered, and published working exploit code when no fix or mitigation existed. This allowed attackers to immediately start using the flaw to hack Google's own users (in this case, the world). Since then Google has announced a new program 'Project Zero' which...
I've been reading web application vulnerability reports from tools and services for 6-7 years and found that 99% of these reports are geared towards security engineers or system administrators. Many of the reports I see focus on The type of flaw and what it its impact is The URL affected Links to...
anantasec posted a scanner comparison to the web security mailing list today. "In the past weeks, I've performed an evaluation/comparison of three popular web vulnerability scanners.This evaluation was ordered by a penetration testing company that will remain anonymous. The vendors were not contacted during or after the evaluation. The applications (web scanners)...
"The team I work in uses both automated scanners, along with a few humans testing (minimum of 2)… A good tester should know the weaknesses of the automated testers.. The problem with automated testers, is, simply put, they are not human. That is they will not have intuition that a given function...
" As important as security is, remaining current with every development is hard, and evaluating possible vulnerabilities across a network can be quite a chore. You need a way to both automate tests and make sure you're running the most appropriate and up-to-date tests. Open Vulnerability Assessment System (OpenVAS) is a network...
"The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can...
This article reviews various tools that can be used to brute force web forms and web based auth. "This mish-mash of security is the basis of Web login vulnerabilities and why passwords are often easily cracked. Be it form-based, HTTP Basic, or NT LAN Manager (NTLM) (the three main types of authentication...
Larry Suto has written a paper reviewing Webinspect, Appscan, and NTO Spider. From the article "The study centered around testing the effectiveness of the top three web application scanners in the following 4 areas. 1. Links crawled 2. Coverage of the applications tested using Fortify Tracer 3. Number of verified vulnerability findings...
The final review of Web application security scanners has been released by darkreading. "As we wrap up our four-month Rolling Review series, we do want to award some partial credit. While only IBM's WatchFire AppScan automatically handled our Ajax applications, Acunetix Web Vulnerability Scanner, Cenzic Hailstorm and Hewlett-Packard WebInspect (post-update) were capable...
"The range of products calling themselves "security scanners" is so broad that the designation is flirting with irrelevance. You have your vulnerability assessment software, which uses large databases of known vulnerabilities. Then there are penetration-testing applications that focus on fewer vulnerabilities but include the ability to exploit flaws instead of just identify...
First the review of SPI Dynamics Webinspect was posted and now Networkcomputing has posted the review for Cenzic's Hailstorm ARC product. "We continue our ongoing review of Web application scanners with a look at Cenzic Hailstorm. While it performed relatively well, Cenzic's ARC Web Interface could use some gussying up. Cenzic's Hailstorm...
For a long long time I have intentionally not posted news about commercial products or services however know that many of you who frequent this site are interested in those sorts of things. Part of the reason why I haven't posted news on commercial products is that I used to work for...
"SQL Injection is perhaps the most common web-application hacking technique which attempts to pass SQL commands through a web application for execution by the back-end database. The vulnerability is presented when user input is incorrectly sanitized and thereby executed. Checking for SQL Injection vulnerabilities involves auditing your web applications and the best...
Jeremiah Grossman (Whitehat Security) has typed up an entry on automated vulnerability scanning verses humans. If you're in the position to perform an assessment it's worth the read. Article Link: http://jeremiahgrossman.blogspot.com/2007/02/automated-scanners-vs-low-hanging-fruit.html
Someone has written up a review of 11 security scanners specifically. ISS Internet Security Systems SSS Shadow Security Scanner Retina eEye Nessus GFI Languard Network Security Scanner Qualys www.qualys.com Nstealth Security Scanner www.nstalker.com Nikto Whisker Infiltrator infiltration-systems.com Nscan "I was looking at 3 main areas while evaluating the scanners. 1. Comprehensiveness of...
Donald C. Donzal writes "I remember the first time I heard about the Certified Ethical Hacker certification. It was around the time that I was studying for my CISSP, and I was quite intrigued simply by the name of the certification. Upon first visiting the EC-Council website to find out more about...
