Penetration Testing
(Page 6 of 636)
Pentesting on databases? 2012-03-21
stayp0s (stayp0s sec gmail com) (4 replies)
Hi list,

I'm planning to do a pen test to ensure running databases (MySQL,
PostgreSQL, and so on) are secure.
Does anyone have useful reference guidelines about that?

Thank you!

Re: Pentesting on databases? 2012-03-21
Danux (danuxx gmail com)
RE: Pentesting on databases? 2012-03-21
Ziots, Edward (EZiots Lifespan org)
Re: Pentesting on databases? 2012-03-21
Ramiro Caire (ramiro caire gmail com)
Re: Pentesting on databases? 2012-03-21
Eric Schultz (fire0088 gmail com) (2 replies)
RE: Pentesting on databases? 2012-03-21
Ziots, Edward (EZiots Lifespan org)
Re: Pentesting on databases? 2012-03-21
Ahmed S. Shibani (sheipani gmail com)
Time based Blind SQL injection 2012-03-13
Danux (danuxx gmail com)
Nothing new, just a different approach to automate the process of
blind injection based on time.

http://danuxx.blogspot.com/2012/03/time-based-blind-sql-injection.html

Hope you find it useful.

--
DanUx

Windows Credentials Editor (WCE) v1.3beta 32bit release 2012-03-09
Amplia Security Research (research ampliasecurity com) (1 replies)
WCE v1.3beta 32bit released.

Download link: http://www.ampliasecurity.com/research/wce_v1_3beta.tgz

Changelog:

version 1.3beta:
March 8, 2012
* Bug fixes
* Extended support to obtain NTLM hashes without code injection
* Added feature to dump login cleartext passwords stored by the Digest
Authenti

Re: Windows Credentials Editor (WCE) v1.3beta 32bit release 2012-03-10
Jeffrey Walton (noloader gmail com)
[HITB-Announce] HITB2012AMS SIGINT - Call for Submissions 2012-03-08
Hafez Kamal (aphesz hackinthebox org)
This is a call for submissions for the HITB SIGINT sessions at
HITB2012AMS - The third annual HITB conference in Amsterdam taking place
at the Okura from the 21st - 25th of May.

The HITB SIGINT (Signal Intelligence/Interrupt) sessions are designed to
provide a quick 15 - 30 minute overview for mate

What They Don't Teach You in "Thinking Like the Enemy" Classes 2012-03-06
Pete Herzog (lists isecom org)
For those of you who are interested in taking a security class that
promises to teach you ethical hacking and how to think like the enemy,
let me save you some time and money on what you will learn:

http://www.infosecisland.com/blogview/20607-What-They-Dont-Teach-You-in-Thinking-Like-the-Enemy-Cl

Cookie based SQL Injection 2012-03-06
Adam Behnke (adam infosecinstitute com)

All data sent by the browser to a Web application, if used in a SQL query, can be manipulated in order to inject SQL code: GET and POST parameters, cookies and other HTTP headers. Some of these values can be found in the environment variables. The GET and POST parameters are typically entered

A survey on web application security 2012-03-01
Hannes Holm (Hannes Holm ics kth se) (1 replies)
Hi all,

I would like to invite you to participate in a survey investigating the effort required to discover web application input validation vulnerabilities given different scenarios - a topic that needs further exploration. This survey is carried out by a research group from the Royal Institute of

SV: A survey on web application security 2012-03-18
Hannes Holm (Hannes Holm ics kth se)
OWASP Top 10 penetration testing software? 2012-02-28
webcat (matthew mckinzie lewin com) (7 replies)

Hi, for one of my websites, I have been required to use a web application
scanner that tests against the OWASP Top Ten threats. I'm looking for a
scanner that does this that is inexpensive or free.

Possible scanners I've found for this include the OWASP Zed Attack Proxy
Project, Sonar, and w3af, b

Re: OWASP Top 10 penetration testing software? 2012-02-28
Nathalie Vaiser (nvaiser gmail com)
Re: OWASP Top 10 penetration testing software? 2012-02-28
David Mirza (dma subgraph com)
Re: OWASP Top 10 penetration testing software? 2012-02-28
psiinon (psiinon gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? 2012-03-05
Zaki Akhmad (zakiakhmad gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? 2012-03-05
psiinon (psiinon gmail com) (1 replies)
RE: OWASP Top 10 penetration testing software? 2012-03-05
Adam Behnke (adam infosecinstitute com)
Re: OWASP Top 10 penetration testing software? 2012-02-28
Tim Gonzales (tim gonzales gmail com)
Re: OWASP Top 10 penetration testing software? 2012-02-28
martin mngoma gmail com (1 replies)
Re: OWASP Top 10 penetration testing software? 2012-02-28
Robert Wood (robertwood50 gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? 2012-02-28
martin mngoma gmail com
Re: OWASP Top 10 penetration testing software? 2012-02-28
Michele Orru (antisnatchor gmail com)
Re: OWASP Top 10 penetration testing software? 2012-02-28
M. Hani Benhailes (kroosec gmail com) (1 replies)
Re: OWASP Top 10 penetration testing software? 2012-02-28
webcat (matthew mckinzie lewin com)
Circumventing NAT via UDP hole punching. 2012-02-22
Adam Behnke (adam infosecinstitute com)
A new write up at InfoSec Institute on circumventing NAT. While this is
nothing new, not a lot of people actually understand how this works.  

The process works in the following way. We assume that both the systems A
and B know the IP address of C.

a) Both A and B send UDP packets to the host C. A

Copyright 2010, SecurityFocus