I wanted to take a look at an old fuzzer called AutoDafe because its name popped up in several papers I read with regard to protocol and file format fuzzing. The last version is from August 2006 which is far
This is just a list of applications and frameworks out there that could be used to test your web application pentesting kung fu skills or to test your automated tools. I am trying to keep a copy of those with me,
This post is more to document my own “discovery” and not to get into the loop of researching the same topic again and again. And if someone finds it helpful, it's great. I was searching for PHP static code analysis tools
The Developer Garden (Deutsche Telekom “ecosystem”) announced a new service – automatic code analysis for applications developed using the following technologies – .NET, ASP, VB, Java, C/C++, PHP, Ruby, Perl, JavaScript. Among the rest of typical marketing sentences regarding
I’m very pleased to write this down – Offensive Security (the maker of the BackTrack distro) came up earlier this month with a stable release of their new penetration distribution called Kali. It comes as a BackTrack successor but on the other
Here is the amended version of the security source code review questionnaire. I added a couple of questions and reworded a couple of existing ones to eliminate some ambiguities. Security Source Code Review Questionnaire – v2 (English) Security Source Code Review Scoping Questionnaire
A couple of months ago I finally switched to BurpSuitePro after so many years using the free version and … I do not regret it at all. I adapted pretty well to the extra options it provides compared to the free version.
There are many SQL injection cheat sheets out there, but I just stumbled upon another one. It features a very nice interface to quickly find what you need. It is the work of Roberto Salgado from Websec.ca. The company also published
Usually when the customer comes with a request for a security source code review, one of the main questions is “How long will it take?”. And the answer to that particular question is not an easy one because it depends on so
Three days ago Adobe Labs surprised me with a beta version of their open-source AIR application for SWF analysis called SWFInvestigator. It is available for download from the Adobe Labs website and the source code from the corresponding SourceForge project page.