• Subscribe to the low volume list for updates.

Blog

Webscarab and Ratproxy installation and chaining

In this mini tutorial we are going to use Webscarab and Ratproxy together in a chained fashion. This will enable passive testing of a web application by Ratproxy, with more active intercepting proxy testing to be done by Webscarab. For this reason we will run Ratproxy as the first hop in the proxy chain with […]
Read More

Nessus 5 on Ubuntu 12.04 install and mini review

Having yet to play with Nessus 5, today I grabbed a copy and installed it into my Ubuntu 12.04 64 bit system. Take note I am having a quick look at the product, not using it in a commercial manner as part of the work done by HackerTarget.com. This would require a professional feed license […]
Read More

Install Rapid7’s Nexpose community edition

This is a quick overview of how to install Rapid 7 vulnerability scanner Nexpose on Ubuntu 12.04. Included is a very light review. There are different versions of the NeXpose engine, we will be using the community edition on 64 bit Linux. The company is more famous for its penetration testing framework Metasploit, so lets […]
Read More

Woothemes Framework Update Analysis

In this post, I examine the fact that only 31% of Wootheme based sites in the top 1 million are running the latest version of the Wootheme Framework. WordPress themes are an important part of the security checklist when maintaining your WordPress installation. An essential security maintenance function of any WordPress install is performing regular […]
Read More

WordPress themes in top 1 million websites

WordPress themes have been extracted from our latest analysis of the worlds top 1 million websites (by alexa rank). Digging into the data shows interesting trends in the WordPress content management space, and provides insight into security vulnerabilities. Third-party Wwordpress components that include plugins and themes can introduce exploitable security issues. Methodology To determine themes […]
Read More

sqlmap POST request injection

In the past using sqlmap to perform POST request based SQL injections has always been hit and miss (more often a miss). However I have recently had to revisit this feature and have found it be to much improved. Both in ease of use and accuracy. This is a quick step by step guide to […]
Read More

Nmap 6.00 added to online port scanning tool

We have completed testing and rolled out the latest Nmap release version 6, to our online port scanner service. At this stage we have enabled Nmap 6 on the immediate port scan page, but are still testing it for scheduled port scanning. This will be upgraded once testing has completed. Congratulations to the Nmap development […]
Read More

HTTP Header Security Analysis

In our analysis of the technology used by the worlds top websites, we queried the data on the usage of HTTP Header security controls. This is a breakdown of the HTTP Header security features that have been developed by different organizations. These controls can utilize features in the web browser to protect the user from […]
Read More

WPScan added to WordPress Security Scan

For all you wordpress lovers we have added wpscan to our existing WordPress Security Scan. WPScan is a handy wordpress focused vulnerability scanner developed by Ryan Dewhurst (ethicalhack3r.co.uk). The scan uses techniques that include brute forcing the plugins directory of a wordpress installation to find installed plugins. This is an accurate way to find plugins […]
Read More

Joomscan added to the online Joomla Security Scan

Our Joomla Security Scanner tool has been extended with the Joomscan security testing tool. Joomscan is a tool that tests a Joomla installation for known vulnerable plugins and core security configuration mistakes. Detection of these vulnerabilities will allow a web site owner to get the plugins update or fixed before they get attacked. Joomla is […]
Read More