Web Application Security
Welcome Faraday 2.1! Collaborative Penetration Test & Vulnerability Management Platform 2016-09-22
Francisco Amato (famato infobytesec com)
After a long sprint we are proud to present Faraday v2.1:

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the imp

IE11 is not following CORS specification for local files 2016-09-22
Ricardo Iramar dos Santos (riramar gmail com)
IE11 is not following the CORS specification for local files like Chrome
and Firefox do.
I've contacted Microsoft and they say this is not a security issue, so
I'm sharing it.
From my tests, IE11 is not following the CORS specification for local
files as it is supposed to.
In order to prove it, I've created a maliciou

nullcon 8-bit Call for Papers is open 2016-08-24
nullcon (nullcon nullcon net)
Dear Hackers and Security Pros,

Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and

SpiderFoot 2.7.0 released 2016-08-19
Steve Micallef (steve binarypool com)
Hi all,

SpiderFoot 2.7.0 is now available, with more modules, added
functionality and bug fixes since 2.5.0 was last announced on this list.
SpiderFoot is an open source intelligence gathering / reconnaissance
tool utilising over *50* data sources and methods, all driven through a
snappy web UI

Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform 2016-08-18
Francisco Amato (famato infobytesec com)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time witho

Faraday v1.0.21 with our new GTK interface! 2016-06-21
Francisco Amato (famato infobytesec com)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time witho

Faraday v1.0.20 is here! New conflict resolution, hosts and services views & bug fixes! 2016-05-27
Francisco Amato (famato infobytesec com)
A brand new Faraday version is ready! Faraday v1.0.20 is here,
bringing more functionality to our GTK interface and other cool new
features.

If you've been keeping up with Faraday, on our last release
http://blog.infobytesec.com/2016/04/prepare-warm-welcome-for-faraday-v1019.html
we published a new

44CON CFP Now Open 2016-05-17
Steve (steve 44con com)
44CON is the UK's premier annual technical security conference and training event. From the evening of the 14th of September till the 16th of September 2016, expect a top-tier international technical conference with fast wifi, loose 0day, catering, a bar and of course, Gin O'Clock.

Give a warm welcome to Faraday v1.0.19! New GTK interface, Custom Reports & Bug fixing 2016-05-05
Francisco Amato (famato infobytesec com)
Faraday v1.0.19 is ready! More documentation, a new interface and
plugin fixes are some of the improvements included in this version.

Continuing with our efforts to make Faraday accessible to everyone we
stopped the development and spent a few days improving our
documentation, so feel free to take

Mobile Security Framework (MobSF) v0.9.2 Released 2016-05-03
Ajin Abraham (ajin25 gmail com)
Hey Folks,

Happy to release MobSF v0.9.2

About MobSF

Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analy

Check out faraday v1.0.18! New CLI mode, Jira support & bug fixes! 2016-04-06
Francisco Amato (famato infobytesec com)
Today we are happy to announce that Faraday v1.0.18 is ready!

A short iteration, filled with small powerups - brand new CLI mode
allows you to process reports in batch, new helpers and plugin fixes.

We know that our users rely on a lot of different systems and
solutions and we want to integrate Fa

Call for Papers and Posters: CSCESM2016 - Greece 2016-03-31
Jackie Blanco (jackie sdiwc info)
====================================================
Paper and Poster Submission Deadline: April 13, 2016
====================================================

The Third International Conference on Computer Science, Computer
Engineering, and Social Media (CSCESM2016)

Metropolitan College, Thessalo

Releasing Mobile Security Framework v0.9 2016-03-14
Ajin Abraham (ajin25 gmail com)
Hey Folks,

I just released a new version of Mobile Security Framework, an open
source framework capable of performing end to end security testing of
mobile applications.

Mobile Security Framework (MobSF) is an all-in-one open source mobile
application (Android/iOS) automated pen-testing framework

Approve 2016-03-08
Andrew van der Stock (vanderaj gmail com)

ICGCTI2016 Malaysia call for papers and participants 2016-03-03
Jackie Blanco (jackie sdiwc info)
The Fourth International Conference on Green Computing, Technology and
Innovation (ICGCTI2016)
- Part of The Fifth World Congress on Computing, Engineering and
Technology (WCCET) -

Asia Pacific University of Technology & Innovation (A.P.U.)
Kuala Lumpur, Malaysia | September 6-8, 2016

http://sdi

Make room for faraday v1.0.17! New #maltego & #arachni plugins & more! 2016-02-26
Francisco Amato (famato infobytesec com)
The first of many releases in 2016, Faraday v.1.0.17 (Community, Pro &
Corp) introduces a new Maltego Plugin, support for Mint 17 and Kali
Rolling, and several fixes including installation issues.

Changes:
New Maltego Plugin

Added support for Kali Rolling Edition
Added support for Mint 17
Added us

RVAsec 2016 CFP is now Open! 2016-02-12
Sullo (sullo cirt net)
RVAsec 5 // June 2-3rd, 2016 // Richmond, VA

RVAsec is a Richmond, VA-based security convention that brings top
industry speakers to the Mid-Atlantic region. In its fourth year,
RVAsec 2015 attracted nearly 400 security professionals from across
the country. For 2016, the conference is a two day a

Arachni Framework v1.4 & WebUI v0.5.10 have been released (Web Application Security Scanner) 2016-02-09
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, a modular and high-performance Web Application Security Scanner Framework.

The highlights of this release are:

* Massive performance improvements (approx. 5 times faster browser operations,
much less RAM and CPU usage).
* Significantly improv

Faraday v1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin) 2015-12-21
Francisco Amato (famato infobytesec com)
We are proud to present Faraday v1.0.16!

This version comes with major changes to our Web UI, including the
possibility to mark vulnerabilities as false positives. If you have a
Pro or Corp license you can now create an Executive Report using only
confirmed vulnerabilities, saving you even more tim

Re: Whitepaper: SMTP Injection via recipient email addresses 2015-12-18
Amit Klein (aksecurity gmail com)
Well done, Takeshi. And very nice research, BTW.

Best,
-Amit

On Fri, Dec 18, 2015 at 5:13 AM, Takeshi Terada <mbsdtest01 (at) gmail (dot) com> wrote:
> Dear Amit Klein and all,
>
> Thanks for letting me know about previous research.
> I was not aware of Insomnia's paper mentioning injection into RCPT.
> I added

Re: Whitepaper: SMTP Injection via recipient email addresses 2015-12-18
Takeshi Terada (mbsdtest01 gmail com)
Dear Amit Klein and all,

Thanks for letting me know about previous research.
I was not aware of Insomnia's paper mentioning injection into RCPT.
I added the links to the works you mentioned to the paper.
The revised version is available at the same URL:
http://www.mbsd.jp/Whitepaper/smtpi.pdf
I really apprec

IoT Authentication 2015-12-17
Saghar Estehghari (s estehghari gmail com)
Hi,

Recently, I've started an IoT project with my team. We are trying to
implement cyber-security functions in embedded devices in a way that
reduces the load on such devices. Currently, authentication is our
case study. We are looking for a solution that applies to a small
group of embedded devi

Re: Whitepaper: SMTP Injection via recipient email addresses 2015-12-16
Amit Klein (aksecurity gmail com)
Dear Takeshi Terada,

Thanks for sharing your paper. I'd like to draw your attention to the following:

Injection into RCPT is mentioned in
https://www.insomniasec.com/downloads/publications/Common_Application_Flaws.ppt
(see slides 15-16) released November 2008 (see
https://www.insomniasec.com/releas

Whitepaper: SMTP Injection via recipient email addresses 2015-12-09
Takeshi Terada (mbsdtest01 gmail com)
Dear all,

MBSD released a whitepaper titled "SMTP Injection via recipient email
addresses."
http://www.mbsd.jp/Whitepaper/smtpi.pdf

The paper discusses SMTP Injection attacks via malformed recipient
email addresses in some email libraries in Ruby, Java and PHP.

TOC
1. Introduction
2. How the atta

SiteWIX - (edit_photo2.php id) SQL Injection Exploit 2015-10-21
ZoRLu Bugrahan (zorlu milw00rm com)
#!/usr/bin/env python
#-*- coding:utf-8 -*-

#Title : SiteWIX - (edit_photo2.php id) SQL Injection Exploit
#Author : ZoRLu / zorlu (at) milw00rm (dot) com
#Website : milw00rm.com / milw00rm.net / milw00rm.org / milw0rm.info
#Twitter : https://twitter.com/milw00rm or @milw00rm
#Test : Windows7 Ultimate
#Disc

Re: hsecscan v0 (https://github.com/riramar/hsecscan) 2015-10-20
Ricardo Iramar dos Santos (riramar gmail com)
Yes, I saw Scott's website and other interesting stuff.
We exchanged some tweets
(https://twitter.com/Scott_Helme/status/639756303376773120).

On Tue, Oct 20, 2015 at 11:52 AM, Robin Wood <robin (at) digininja (dot) org> wrote:
> Have you seen this project by Scott?
>
> https://securityheaders.io/
>
> Similar

Re: hsecscan v0 (https://github.com/riramar/hsecscan) 2015-10-20
Robin Wood (robin digininja org)
Have you seen this project by Scott?

https://securityheaders.io/

Similar to yours, except it works from a website rather than the CLI.

Robin

On 20 October 2015 at 14:24, Ricardo Iramar dos Santos
<riramar (at) gmail (dot) com> wrote:
> Makes sense. I'll include your suggestion in my TODO list.
> My first goal for t

Re: hsecscan v0 (https://github.com/riramar/hsecscan) 2015-10-20
Ricardo Iramar dos Santos (riramar gmail com)
Makes sense. I'll include your suggestion in my TODO list.
My first goal for version 0 was to construct a simple "platform" and
make it usable.
One of the goals for version 1 is to improve the database with user
feedback like yours.
Thanks!

On Tue, Oct 20, 2015 at 10:21 AM, Robin Wood <robin@digininj

Re: hsecscan v0 (https://github.com/riramar/hsecscan) 2015-10-20
Robin Wood (robin digininja org)
I'd say both of those were references, not recommendations; the
recommendation should be something along the lines of:

Ensure cookies protecting important data, such as session tokens, are
correctly protected (HttpOnly and Secure flags).
Beware of session fixation.

I may add ensure good entropy on sess

Re: hsecscan v0 (https://github.com/riramar/hsecscan) 2015-10-20
Ricardo Iramar dos Santos (riramar gmail com)
Thanks for your advice and opinion.
Have you seen the recommendations field?
Do you have a suggestion for a better security description?

>> Recommendations: Please at least read these references:
>> https://tools.ietf.org/html/rfc6265#section-8 and
>> https://www.owasp.org/index.php/Session_Manag

Copyright 2010, SecurityFocus