
Attack

This category is for tagging common types of application security attacks. What is an attack? Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. All attack articles should follow the Attack template. Examples: Brute Force: an exhaustive attack that works by testing every possible value of a parameter (password, file name, etc.). Note: many of the items marked as vulnerabilities from CLASP and other places are really attacks.

BitTorrent Turns Web Browsers Into a File-Sharing Hub BitTorrent Inc., the people behind the popular BitTorrent client uTorrent, have just unveiled a new project that turns web browsers into fully fledged file-sharing hubs. "Torque" uses the new Btapp.js library and enables developers to code a wide variety of browser-based file-sharing apps. To show what it's capable of, BitTorrent released a torrent client for Chrome and a browser-based file-sharing app. Downloading torrents in a web-browser is nothing new. Opera integrated BitTorrent support half a decade ago, and for other browsers there are plugins and web-based tools available. However, BitTorrent Inc. believes that much more can be done from the browser environment. With Torque, developers can easily build a wide variety of downloading and sharing web-apps. “Torque is both an underlying, fully fledged torrent client, as well as a simple JavaScript interface designed to make the technology as accessible as possible,” Patrick Williams, lead engineer on Torque told TorrentFreak.

Packet Injection Basics Presentation Description: The Packet Injection Basics presentation is an in-depth tutorial on various packet injection programming techniques. We will look at how to construct various headers, combine them to form a complete packet, and then send this packet over the network. This presentation is a necessary prerequisite for all the other packet injection videos in this tutorial series.

Links:
1. Raw sockets basics presentation

Tags: programming

Linux/UNIX For DOS Users Command Comparison: To find out how to do something on UNIX simply type "man -k subject_matter". This will do a key word search for all commands dealing with the subject matter. Then use the appropriate command. Online manuals are available on all the commands by typing "man command_name". MS/Windows info: Shell Descriptor/Operators: Shell Script Operators: Bash shell aliases for DOS users: The following are bash shell aliases which can be added to the system profile or the user's personal profile ($HOME/.bashrc) to correct and help DOS users on Linux. Devices: Equivalent Linux and MS/Windows GUI Applications: Links: YoLinux Tutorials: bash - Bash man page Books:

HTML5 Presentation In March 1936, an unusual confluence of forces occurred in Santa Clara County. A long cold winter delayed the blossoming of the millions of cherry, apricot, peach, and prune plum trees covering hundreds of square miles of the Valley floor. Then, unlike many years, the rains that followed were light and too early to knock the blossoms from their branches. Instead, by the billions, they all burst open at once. Seemingly overnight, the ocean of green that was the Valley turned into a low, soft, dizzyingly perfumed cloud of pink and white. Then came the wind. It roared off the Pacific Ocean, through the nearly uninhabited passes of the Santa Cruz Mountains and then, flattening out, poured down into the great alluvial plains of the Valley. This perfumed blizzard hit Stevens Creek Boulevard, a two-lane road with a streetcar line down its center, that was the main road in the West Valley.

Null Byte - The aspiring grey hat hacker / security awareness playground « Wonder How To

C++ Programming/Exercises/Iterations

Solutions requirements. Solutions must: use only standard C++; be compilable; be in accordance with general coding practices. They should also handle error situations, even if behavior is not defined. Please do not add solutions that are 99% similar to another that is already present; if it is an improvement, just add it to the existing solution.

EXERCISE 1
Write a program that asks the user to type an integer and writes "YOU WIN" if the value is between 56 and 78 (both included).

    #include <iostream>
    using namespace std;

    int main() {
        int i;
        cout << "Type an integer: ";
        if (!(cin >> i)) return 1;   // non-numeric input
        if (i >= 56 && i <= 78)      // both bounds included
            cout << "YOU WIN" << endl;
        else
            cout << "YOU LOSE!" << endl;
        return 0;
    }

EXERCISE 2
Write a program that asks the user to type all the integers between 8 and 23 (both included) using a for loop.

Solution

Alternative solution by Bartosz Radwanski
// This one allows the numbers to be entered in random order and exits
// when all correct numbers have been entered.

Alternate solution

RGB-to-Hex Color Converter

RGB-to-Hex Conversion

Question: How do I convert RGB values of a color to a hexadecimal string?

Answer: The RGB-to-hexadecimal converter algorithm is simple: make sure that your values are in the range 0...255, convert R, G, B to hex strings, and then concatenate the three hex strings together.

    function rgbToHex(R, G, B) { return toHex(R) + toHex(G) + toHex(B) }

    function toHex(n) {
      n = parseInt(n, 10);
      if (isNaN(n)) return "00";
      n = Math.max(0, Math.min(n, 255));
      return "0123456789ABCDEF".charAt((n - n % 16) / 16)
           + "0123456789ABCDEF".charAt(n % 16);
    }

Notes: The script parses the input R, G, B values as integers using the standard function parseInt(string,10); the second, optional argument 10 specifies that the value must be parsed as a decimal number. RGB/hex codes for named colors supported in most browsers are listed below:

Security Testing your Apache Configuration with Nikto

Introduction

By now you've got the perfect setup for your new Ubuntu 6.0.6 (Dapper Drake) box. You may have even followed the excellent Intrusion Detection and Prevention with BASE and Snort tutorial. And as an added precaution you installed DenyHosts to prevent hack attempts via ssh. But now that you've got your new LAMP server on the internet, how can you tell that your new web server is secure? This tutorial, inspired by one of the chapters in Hardening Apache by Tony Mobily (APress), will show you how to set up the free web server security scanner tool, Nikto. Remember, only scan servers you own or that you have permission to scan, or you could easily risk legal action and jail time. Let's get started.

1.1 Installing Net_SSLeay

Net_SSLeay is a Perl Module that adds the ability to connect over SSL connections. I generally create a /src directory to download all my source files into, and will be doing that first.

    mkdir /src
    cd /src

Now we can download the Net_SSLeay Perl Module source:

CSS Angles: Just the Edge Your Web Page Needs!

With the influx of JavaScript libraries like jQuery and Prototype, a lot of the more basic elements of front-end development have fallen through the cracks. Gone are the days when we would sit down for a couple of hours to find a creative way to solve a CSS problem; now we immediately turn to JavaScript. Not to say that it’s a bad thing – it is what it is in the current state of web development. But sometimes we have to look back on those old techniques to find a new way of achieving a solution. The first place I saw the use of CSS angles was in Eric Meyer’s Slantastic demo.

The border Property

The border property is one of the most used and valuable properties available in CSS.

    border-width: 10px;
    border-style: solid;
    border-color: #333333;

And in shorthand:

    border: 10px solid #333;

There are also some popular CSS3 properties that have found their way onto the Web via vendors’ proprietary extensions: -moz-, -webkit-, and -khtml-.

Creating the Triangle
Building a Shelf
Benefits
Closing
