What They Don't Teach You in "Thinking Like the Enemy" Classes
2012-03-06 Pete Herzog (lists isecom org)

Cookie based SQL Injection
2012-03-06 Adam Behnke (adam infosecinstitute com)
All data sent by the browser to a Web application, if used in a SQL query, can be manipulated in order to inject SQL code: GET and POST parameters, cookies and other HTTP headers. Some of these values can be found in the environment variables. The GET and POST parameters are typically entered

A survey on web application security
2012-03-01 Hannes Holm (Hannes Holm ics kth se)
Hi all, I would like to invite you to participate in a survey investigating the effort required to discover web application input validation vulnerabilities given different scenarios - a topic that needs further exploration. This survey is carried out by a research group from the Royal Institute of

OWASP Top 10 penetration testing software?
2012-02-28 webcat (matthew mckinzie lewin com) (7 replies)
Hi, for one of my websites, I have been required to use a web application scanner that tests against the OWASP Top Ten threats. I'm looking for a scanner that does this that is inexpensive or free. Possible scanners I've found for this include the OWASP Zed Attack Proxy Project, Sonar, and w3af, b

    Re: OWASP Top 10 penetration testing software? 2012-02-28 psiinon (psiinon gmail com) (1 replies)
    Re: OWASP Top 10 penetration testing software? 2012-03-05 Zaki Akhmad (zakiakhmad gmail com) (1 replies)
    Re: OWASP Top 10 penetration testing software? 2012-02-28 martin mngoma gmail com (1 replies)
    Re: OWASP Top 10 penetration testing software? 2012-02-28 Robert Wood (robertwood50 gmail com) (1 replies)
    Re: OWASP Top 10 penetration testing software? 2012-02-28 M. Hani Benhailes (kroosec gmail com) (1 replies)

Circumventing NAT via UDP hole punching.
2012-02-22 Adam Behnke (adam infosecinstitute com)
A new write up at InfoSec Institute on circumventing NAT. While this is nothing new, not a lot of people actually understand how this works. The process works in the following way. We assume that both the systems A and B know the IP address of C. a) Both A and B send UDP packets to the host C. A

On-line pentesting course
2012-02-20 Piotr Dyga (piotr dyga software com pl)
PenTest Laboratory is a training platform founded and led by the creators of PenTest Magazine. I would like to propose you participation in new initiative - on-line penetration testing courses. Courses will be led by Jeremy Faircloth, well known IT security expert with over 20 years of experienc

[New tool] sqlmap plugin for burpsuite
2012-02-21 cr0hn (dani madesyp com)
Hello everybody, I have released a plugin for burpsuite that allows sending URLs to sqlmap with a simple right mouse click. You can find doc and tool in: http://blog.buguroo.com/?p=2471 Regards!
This list is sponsored by: Info

Re: Bypass grub edit protection password
2012-02-09 Carlos Pantelides (carlos_pantelides yahoo com) (2 replies)
Have you access to any other account? Is there any network service running? Being centos 4.1 (2005-Oct-21 says the mirror) if it is unpatched perhaps you can find a vulnerability and gain more access. nmap it, is sshd running? try 500 most common passwords. Do you have time? try a bigger dictiona

Creating backdoors using SQL Injection
2012-02-09 Adam Behnke (adam infosecinstitute com)
An InfoSec Institute Review on Creating backdoors using SQL Injection: http://resources.infosecinstitute.com/backdoor-sql-injection/ A novel technique that highlights the risk of not chrooting your SQL servers.
promises to teach you ethical hacking and how to think like the enemy,
let me save you some time and money on what you will learn:
http://www.infosecisland.com/blogview/20607-What-They-Dont-Teach-You-in-Thinking-Like-the-Enemy-Cl