Web Application Exploits and Defenses

Related:  Techniques de Hacking

How to properly secure a website From Memodev. Security is paramount on a website. It is imperative to understand that security is a measure, not a feature. Prerequisites Complex code should be avoided; unreadable code cannot be secured. The best tutorials for securing your website PHP security checklist Learn about the different vulnerabilities htaccess Simple tutorial on .htaccess Fairly complete tutorial on .htaccess, with interesting links Fairly complete tutorial on .htaccess Tutorial from dé on .htaccess Cheat sheet on .htaccess and cheat sheet on rewrite mode Best practices for securing your website Configure your server properly To secure a server, you will need to modify certain configuration variables. These parameters are called directives and can be modified in 3 different ways: In a .htaccess. Some directives cannot be modified everywhere. $page=isset($_GET['p']) ?

ACM SIGMOBILE Seventh Annual International Conference on Mobile Computing and Networking Schedule-at-a-Glance The ACM SIGMOBILE Annual International Conference on Mobile Computing and Networking is dedicated to addressing the challenges of the wireless revolution. The conference serves as the premier international forum addressing networks, systems, algorithms, and applications that support the symbiosis of mobile computers and wireless networks. For those of you familiar with this annual conference, you will notice that our usual acronym is missing this year. We are very pleased to announce that the 7th Annual ACM International Conference on Mobile Computing and Networking is supported by the Italian President of the Republic and the Comune di Roma. IMPORTANT NOTE: Conference participants need to BRING THEIR OWN 802.11 wireless interface cards for their LAPTOPS. A can't-miss event for the nascent entrepreneurs among us is planned for Tuesday afternoon, July 17. Dear Prospective Conference Participants,

Openwall Project - Information Security software for open environments Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources Mozilla Firefox Freedom of speech should not be sacrificed in the recording industry's war to restrict the public from making copies of digital music. EFF has asked a federal court to declare that scientists from Princeton and Rice University can publish their research on digital music security weaknesses at the USENIX Conference in August 2001. When a team led by Princeton Professor Edward Felten accepted a public challenge by the Secure Digital Music Initiative (SDMI) to break new security systems, they did not give up their First Amendment right to teach others what they learned. Yet they have been threatened by SDMI and the Recording Industry Association of America (RIAA) to keep silent or face litigation under the Digital Millennium Copyright Act (DMCA). Professor Felten has a career teaching people about security, yet the recording industry has censored him for finding weaknesses in their security. Frequently Asked Questions About Felten v. Supplemental Declaration of Ed Felten - Plaintiff Prof.

(In)Security of the WEP algorithm This is some information about our analysis of the Wired Equivalent Privacy (WEP) algorithm, which is part of the 802.11 standard. This work was performed jointly by Nikita Borisov, Ian Goldberg, and David Wagner. If you have any questions, please contact us at Executive Summary We have discovered a number of flaws in the WEP algorithm, which seriously undermine the security claims of the system. Passive attacks to decrypt traffic based on statistical analysis. Our analysis suggests that all of these attacks are practical to mount using only inexpensive off-the-shelf equipment. Note that our attacks apply to both 40-bit and the so-called 128-bit versions of WEP equally well. WEP setup The 802.11 standard describes the communication that occurs in wireless local area networks (LANs). WEP relies on a secret key that is shared between a mobile station (e.g. a laptop with a wireless ethernet card) and an access point (i.e. a base station). Problems Attacks Monitoring

.:: Phrack Magazine ::. SecurityXploit: Pentest web-sorrow - Linux On Saturday, 19. May 2012 in topic 'Pentest' A perl based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. I will build more functionality in the future. What it's NOT: Vulnerability scanner, inspection proxy, DDoS tool, exploitation framework. basic: perl -host -S look for login pages: perl -host -auth CMS intense scan: perl -host -Ws -Cp all -I most intense scan possible: perl -host -e -ua "I come in peace" Permalink HackBar 1.6.1 - Add-on On Friday, 4. This toolbar will help you in testing sql injections, XSS holes and site security. " # Load url ( alt a ) This loads the url of the current page into the textarea. Permalink maxisploit-scanner On Monday, 30. This tool has three purposes : 1. 3. 4. X-Scan