A paper on browser identification is posted on infosecwriters. It describes several approaches to identifying a browser.
Read Here
This blog is created to keep track of my activities and as a placeholder for sharing. Enjoy!
Saturday, June 25, 2005
Thursday, June 09, 2005
[Oreilly] Protect your applications without recoding them
Article on Onlamp.
Web services are increasingly becoming an integral part of next-generation web applications. They're also vulnerable to attacks. The nature of these attacks is the same as for traditional web applications, but the modus operandi is different. These attacks can lead to information leakage; further, they aid in remote command execution. By using WSDL, an attacker can determine an access point and available interfaces for web services. These interfaces or methods take inputs using SOAP over HTTP/HTTPS. Without good defense at the source code level, your application is in danger of compromise and exploitation. mod_security operates as an Apache web server module, ideal for defending web services against attacks that also include malicious POST data containing SOAP envelopes.
Go to Onlamp
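The article's point is that a WAF in front of the service can inspect the SOAP envelope in the POST body before it reaches code that was never hardened. As an added illustration (not the article's own configuration, and in the ModSecurity 2.x rule syntax rather than the 1.x SecFilter directives the article was written against), the fragment below hands XML bodies to ModSecurity's XML body processor and then applies checks to every element value in the envelope. The /ws/ mount point, the body size limit, the 1024-byte parameter cap and the injection regex are assumptions chosen for the example, not values from the article.

```apache
# Added example, not from the O'Reilly article or the mod_security project.
# Assumes the web service is mounted under /ws/ and accepts SOAP over POST.
SecRuleEngine On
SecRequestBodyAccess On
# Assumed cap on the raw POST body; oversized envelopes are rejected before parsing
SecRequestBodyLimit 131072

<Location /ws/>
    # Route XML content types to the XML body processor so XML:/* variables exist
    SecRule REQUEST_HEADERS:Content-Type "^(text|application)/(soap\+)?xml" \
        "id:900001,phase:1,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"

    # A body the XML parser could not process never reaches the application
    SecRule REQBODY_ERROR "!@eq 0" \
        "id:900002,phase:2,deny,status:400,log,msg:'SOAP body could not be parsed'"

    # Inspect every element value in the envelope for quote/boolean and filter
    # metacharacter patterns typical of XPath and LDAP injection (illustrative regex)
    SecRule XML:/* "@rx (?i)(['\x22]\s*(?:or|and)\s*['\x22\d]|\)\s*\(\s*[|&!]|\*\))" \
        "id:900003,phase:2,t:none,deny,status:403,log,msg:'Suspicious metacharacters in SOAP parameter'"

    # Reject any single parameter longer than 1024 bytes (assumed limit) so
    # oversized values aimed at a fixed-size buffer are dropped at the edge
    SecRule XML:/* "@rx (?s)^.{1025,}" \
        "id:900004,phase:2,t:none,deny,status:413,log,msg:'SOAP parameter exceeds length limit'"
</Location>
```

Phase 2 runs after the body has been read, which is why the deny rules sit there while the content-type rule that selects the body processor runs in phase 1. The regex is deliberately narrow; in practice a rule set like this is tuned against the service's actual WSDL so that legitimate values containing quotes or parentheses are not blocked.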
Monday, June 06, 2005
wschess 1.3 released
wsKnight is updated with 4 new audit/attack vectors. These will help in auditing or testing web services.
1. Bruteforcing - One can specify user/pass fields and map them to files. This will launch bruteforcing combinations on the wire.
2. Buffer overflow - Specify the parameter and buffer size.
3. LDAP and XPath injection - This is very simple, just a different category.
[Download]
Stay tuned, more to go.
Cheers!