Archive for January, 2007
Detect Your Web Application’s Vulnerabilities Early with Ruby
January 31, 2007
Web application fuzzing is a method of detecting a web application’s vulnerabilities prior to deploying the application on a production system. Users of this approach send several malicious requests to the application and, based on the responses received, determine the application’s security posture. Users also can apply fuzzing to perform tests on several different attack vectors such as SQL, XPATH, and LDAP injection, and error handling.
Read Here
SimSafer RC2 (edited)
January 27, 2007
This text has been edited.
————————
SimSafer is a small program to keep your PC safe (Windows XP SP1 & SP2).
It is not a firewall, anti-spyware or stable anti-virus.
It is emergency software:
1- It fixes 45 security options in Windows.
2- It has a live antivirus (with the BitDefender engine), deletes viruses at kernel level, and marks kernel classes like an antibody.
3- It checks MS Windows security patches and …
4- (In RC3) It checks open ports and lets you manage them.
SimSafer can activate “auto-update” for your Windows. It is free for all and can run on all Windows XP.
Enjoy …
SimSafer RC2 Download : http://simorgh-ev.com/download/Setup.exe
Screenshot 1 (start), Screenshot 2 (check patches)
Simorgh Security Team
My website !
January 27, 2007
My website started again.
www.hessamx.net
Uninformed 6 released
January 20, 2007
After a long time, Uninformed volume 6 has been released!
Read this volume on Uninformed.org
ElseNot Project
January 18, 2007
The ElseNot Project went public on September 26, 2005. Currently it is a one-man operation focusing on Microsoft products. The goal is to find the public exploits for Microsoft Security Bulletins. The ElseNot Project is updated every Patch Tuesday.
Website : ElseNot.com
The Art of Software Security Assessment
January 18, 2007
This blog provides running commentary from Mark Dowd, John McDonald, and Justin Schuh, the authors of the book: The Art of Software Security Assessment. You can purchase a copy from Amazon, or directly from the publisher, Addison-Wesley, and peruse the sample chapter on C Language vulnerabilities.
Website : taossa.com
iDefense: Vulnerability Challenge
January 18, 2007
iDefense is offering $8,000 – $12,000 per remote code execution flaw within Windows Vista and IE7.
“Challenge Focus: Remote Arbitrary Code Execution Vulnerabilities in Vista & IE 7.0
Time Period: Q1, 2007
Prize Amount: $8,000 – $12,000
Submission Deadline: Before Midnight EST on March 31, 2007
Vulnerability Challenge:
Both Microsoft Internet Explorer and Microsoft Windows dominate their respective markets, and it is not surprising that the decision to update to the current release of Internet Explorer 7.0 and/or Windows Vista is fraught with uncertainty. Primary in the minds of IT security professionals is the question of vulnerabilities that may be present in these two groundbreaking products.”
You can read this news on iDefense Labs
Security Weblogs (I)
January 17, 2007
This is a list of some security Weblogs (part one).
Creating Your Own IT Security Audit
January 6, 2007
If a security auditor isn’t in the budget, these 10 IT security audit tips will go a long way in empowering you to protect your business.
Source : ITSecurity.com
Windows Vista Exploit !
January 3, 2007
A Microsoft Windows Vista exploit has surfaced on a Russian website. From what it looks like, this is a privilege escalation vulnerability within csrss.exe which is the main executable for the Microsoft Client and Server runtime. This flaw is locally exploitable only, and affects all versions of Windows.
Source : Security-protocols.com