Archive for the ‘Webapp Security’ Category

Detect Your Web Application’s Vulnerabilities Early with Ruby

January 31, 2007

Web application fuzzing is a method of detecting a web application’s vulnerabilities before the application is deployed on a production system. The tester sends many malformed or malicious requests to the application and, from the responses received, infers its security posture. The same approach can be applied to several different attack vectors, such as SQL, XPath and LDAP injection, and to the application’s error handling, since an unhandled back-end error echoed in the response is usually the first sign that input reaches an interpreter unescaped.
Read Here

TTY64.ORG

January 1, 2007

“TTY64 PROJECT”

This project focuses on security-oriented programming in all its aspects. izik (Itzik, admin of tty64), 22 years old, from Israel, is a skilled shellcoder (izik’s shellcodes are published on milw0rm.com). His latest presentation, on Shellcode Evolution at the H2HC conference, can be viewed here.
website : www.tty64.org
e-mail : izik[-at-]tty64.org

Vuln Scanning Web 2.0 Client-Side Components

December 8, 2006

This paper explains how to scan Web 2.0 applications, whose logic increasingly lives in the browser and in client-side components. The key learning objectives of this article are to understand the following concepts and techniques: scanning complexity and challenges in new-generation Web applications; Web 2.0 client-side scanning objectives and methodology; Web 2.0 vulnerability detection (XSS in RSS feeds); cross-domain injection with JSON; and countermeasures and defense through browser-side filtering.
(Read more …)

Microsoft Anti-Cross site scripting Library

December 7, 2006

Cross-site scripting (XSS) attacks exploit vulnerabilities in Web-based applications that fail to properly validate and/or encode input that is embedded in response data. Malicious users can then inject client-side script into the response data, causing the unsuspecting user’s browser to execute it. Because the script is served by the trusted site, it runs in that site’s origin and may bypass browser protection mechanisms such as security zones. The library encodes untrusted data at output time, which is the control that actually closes the hole. See this library at Microsoft.
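The Microsoft library is a .NET component; as an added example, not the library’s own code, the following Ruby shows the whitelist idea behind it: rather than blacklisting `<` and `>`, every character outside a small known-safe set is turned into a numeric HTML entity, so untrusted data cannot break out of the HTML context it is placed in. The same encoding is the defense for the RSS-feed XSS mentioned in the Web 2.0 scanning entry above, since feed titles and descriptions are untrusted input like any other. The safe-character set, the `html_encode` name and the sample payload are assumptions made for this example.

```ruby
# Whitelist of characters passed through unchanged (assumption for this
# example; a production encoder would be context-specific, e.g. stricter
# inside attributes or inside JavaScript).
SAFE_CHAR = /\A[A-Za-z0-9 ,.\-_]\z/

# Encodes everything outside the whitelist as a decimal HTML entity, so the
# browser renders the data as text and never parses it as markup.
def html_encode(untrusted)
  untrusted.each_char.map { |c| c =~ SAFE_CHAR ? c : "&##{c.ord};" }.join
end

# Vulnerable: reflects the query parameter straight into the response body.
# This is the failure the paragraph describes: no encoding before embedding.
def vulnerable_page(q)
  "<p>Results for #{q}</p>"
end

# Hardened: encodes on output; a <script> payload is rendered as literal text.
def hardened_page(q)
  "<p>Results for #{html_encode(q)}</p>"
end

# Constructed attacker-controlled input, such as a query string or an RSS
# item description pulled from a third-party feed.
PAYLOAD = "<script>alert(document.cookie)</script>"

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_page(PAYLOAD)
  puts hardened_page(PAYLOAD)
end
```

Note that the whitelist also catches characters a `<`/`>`-only filter would miss, such as the quote and ampersand that let an attacker escape an attribute value or smuggle an entity; encoding is chosen per output context, and the one shown is only correct for HTML element content.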