• Subscribe to the low volume list for updates.


SQL Injection to compromise 10000 web sites

A tool, discovered by Sans Security Handlers, has shed light on how 10000 web sites were compromised earlier this year. An automated SQL injection attack that utilized google searches against ASP pages that contained potential sql injection points is at the core of the attack. While we had a general idea about what they do […]
Read More

Security from the Cloud – Whitepaper

Hacker Target Whitepaper release Security from the Cloud focuses on the reasons why vulnerability scanning out of the cloud makes so much sense. This white paper describes advantages of using a remote Vulnerability Scanning Service contained within the¬†Cloud. A service available from anywhere, by any systems, fully contained as a remote entity and managed by […]
Read More

Automated Web Application Scanners

Interesting reading around open source vs commercial and the future of web application scanning. From the Watchfire blog there is a good discussion with an interesting post and some good comments. A near perfect web application security site testing tool is a difficult thing to achieve, I liken it to the elusive antivirus heuristics which […]
Read More

Nessus Scanning – Command Line

Now that we have outlined the basics of the command line Nmap scan (remember that when it comes to security tools the GUI is for chumps) I will now go on and build on that knowledge with some Nessus command line ninja moves. Firstly you need to install your Nessus Server onto your linux box. […]
Read More

United Nations Compromised

2021 The United Nations Office of Information and Communications technology has a Vulnerability Disclosure Program. A Security Research Group made up of independent security experts - Sakura Samurai - was running tests and was able to find 100K+ Employee Records of the United Nations Environmental Programme (UNEP). A misconfigured Apache webserver exposed files linked to […]
Read More

The June07 Mpack attack

Located in Russian underground forums and built as a commercial package, the MPack Exploit kit was the first documented type of its kind. On 18th of June 2007, a large scale attack was uncovered at an Italian based Web Hosting company. First discovered by Panda Software in May 2007, reports are stating over 10'000 sites […]
Read More