Whitepaper discussing blind SQL injection discovery and exploitation techniques. It describes how to deal with blind SQL injection on ASP/ASP.NET applications running with access to XP_CMDSHELL.
38f99722128efd5e6ad90e4e47213ad4e80f38e80cd65725de7307d4dc245cf1
Securing Next Generation Applications - Scan, Detect, and Mitigate.
d19c2013f9c13ff698a8b10c146857e5fd1996461317ffb2e89134213d493121
Whitepaper entitled "Top 10 AJAX Security Holes And Driving Factors".
1ed5c65dfd0826c823dfd1a9f124b537e561dd5ffcc62aee60d328f4953f93ef
Whitepaper discussing attack vectors for Web 2.0 applications. Web 2.0 is the novel term coined for new generation Web applications. start.com, Google maps, Writely and MySpace.com are a few examples. The shifting technological landscape is the driving force behind these Web 2.0 applications. On the one hand are Web services that are empowering server-side core technology components and on the other hand are AJAX and Rich Internet Application (RIA) clients that are enhancing client-end interfaces in the browser itself. XML is making a significant impact at both presentation and transport (HTTP/HTTPS) layers. To some extent XML is replacing HTML at the presentation layer while SOAP is becoming the XML-based transport mechanism of choice.
23b78dfb2fcd2a2e7ec93abd2ab89b20a676a3f0dfa6408fc46bf16a6cdd1988
Whitepaper entitled 'Web Application Footprinting and Assessment with MSN Search Tricks'.
21fa9f7a4c5cc5110927a0d58b634ca2cc3a52a3998262dfccb65e1141516e43
Web Hacking Kung-Fu and Art of Defense - Web attacks are on the rise and new methods of hacking are evolving. This presentation covers the new methodologies for web application footprinting, discovery and information gathering with a new range of tools.
4f5e29a13a9a3f08a42d17d1c4729596c7602ec6f82c8722ba9f630ca7c3ecff
White paper discussing web browser identification and how proper identification can enable a remote site to know what attacks to use against a visitor.
af292d7644b45c3e998a980f23ff821b434d866040446022bb3ee6a5b46b07a2
Microsoft ASP.NET Web Services have an unhandled exception that leads to file system disclosure and SQL injection attacks.
236c5cf9bbf6b70888b54d9a9318d4f0f4cfc9764531136f0d161c981e0f7f8c
White paper called Domain Footprint for Web Applications and Web Services.
334c5dacdca8cb229f4e6fcd4408159edff35ea5eb82f949449c0fe623215485
Whitepaper discussing the scope of information gathering used against web services. Second in a series of papers defining attack and defense methodologies with web services.
d845104342be64b7e0981391fa4587731812589b1eaa8df8bb900cb3c06d39eb
Web Application Defense At The Gates - Leveraging IHttpModule. Whitepaper describing how the IHttpModule interface that comes with the .NET Framework can be used to man-in-the-middle HTTP transactions in order to help filter against input validation attacks.
6caf1ed5d6a9f25b75acf4adba7d8d25877548097bc1e32c33cbdd10fce7536c
White paper discussing web application footprints and discovery methodology for web servers hosting multiple web applications.
51f2b357535a04ed528e35ff209d1544050e9ec8990d03bddf56be14b2c0d5c0
Whitepaper discussing the scope of information gathering used against web services. First in a series of papers defining attack and defense methodologies with web services.
41051ad1f79babf058f6e50a6da49759baee349f285fbc702e91c39d819f38f8
A thoroughly written white paper discussing how to defend web services using mod_security.
bff27e41da0ed96737c94d7f79f29f3432e83dda6ab0b1eed20e27122f946d50
Foundstone Security Advisory FS-073100-10-BEA - It is possible to compile and execute any arbitrary file within the web document root directory of the WebLogic server as if it were a JSP/JHTML file, even if the file type is not .jsp or .jhtml. If applications residing on the WebLogic server write to files within the web document root directory, it is possible to insert executable code in the form of JSP or JHTML tags and have the code compiled and executed using WebLogic's handlers. This can potentially allow an attacker to gain administrative control of the underlying operating systems.
efe85f651d73615fb6cff13785c85e629c1d6000de550891afe91b7b8b3f8677