Exploit-DB updates

Loading...

Saturday, February 19, 2011

WebSecurify - Web Vulnerability Scanner

Websecurify is an integrated web security testing environment, which can be used to identify web vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The platform is designed to perform automated as well as manual vulnerability tests and it is constantly improved and fine-tuned by a team of world class web application security penetration testers and the feedback from an active open source community.

How it works

 

Websecurify uses several key technologies combined together to achieve the best possible result when performing automatic and manual tests. At the core of the platform sits a Web Browser. This allows Websecurify to gain a fine-grained control over the targeted web application and as such detect vulnerabilities that are difficult to find with other tools.
The carefully engineered user interface is simple to use but powerful. All tools and platform features are integrated with each other. This allows smooth transition from one type of task to another and it also makes it easier to work with the complex flow of data, gathered during the penetration test.
The built-in vulnerability scanner and analyzation engine are capable of automatically detecting many types of web application vulnerabilities as you proceed with the penetration test. The list of automatically detected vulnerabilities include:
  • SQL Injection
  • Local and Remote File Include
  • Cross-site Scripting
  • Cross-site Request Forgery
  • Information Disclosure Problems
  • Session Security Problems
  • many others including all categories in the OWASP TOP 10
Websecurify design principles emphasise on ease of use and extensibility. Virtually every single platform component can be extended with the help of add-ons and plugins. This means that task and business specific customizations can be introduced without the need to worry about cross-platform issues, deployment, internationalization and future support.

This is an excellent and extremely easy to use tool, I highly recommend giving it a go. You can download it here - http://www.websecurify.com/download

Posted by at No comments:

Wednesday, February 16, 2011

VERA - Visualizing Executables for Reversing and Analysis

VERA 0.31 has been released. This new version contains a bunch of new features and API improvements. The two biggest updates are the addition of the trace file parsing and analysis inside of the GUI. This alleviates the need for the gengraph.exe program. The next big feature is the integration with IDA Pro. Currently it only supports version 5.6 and 6.0 versions of IDA. Finally, VERA now includes documentation.
Please feel free to email me (dquist at this domain) if you have any comments. Those of you that have responded thank you very much.
Change log:
* Added processing of trace files without having to use gengraph via new wizard
* Better handling of low memory situations
* Major code cleanup, refactoring, and new buzzwordy sounding tasks
* Added a toolbar, because everyone loves those
* Added IDA integration and IDA Pro module
* Fixed a bug involving parsing of non-traditional Ether trace files
* Now should support larger and more complicated graphs
* I'm getting paid to write and support VERA. :)

Learn more - http://www.offensivecomputing.net/?q=node/1687
Posted by at No comments:

Sunday, February 13, 2011

Metasploit Unleashed - Great Metasploit Course

This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa. Through a heart-warming effort by several security professionals, we are proud to present the most complete and in-depth open course about the Metasploit Framework.
Logo-00.png

This is the free online version of the course. If you enjoy it and find it useful, we ask that you make a donation to the HFC (Hackers For Charity), $9.00 will feed a child for a month, so any contribution is welcome. We hope you enjoy this course as much as we enjoyed making it.

This open course is excellent for people who are new to Metasploit or those who want to learn more. It covers Metasploit from top to bottom, from architecture to exploitation it's all there.

http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training

Make a donation to the Hackers For Charity - http://www.offensive-security.com/metasploit-unleashed/Donate_Here





Posted by at No comments:

Friday, February 11, 2011

Former Fox News Employee: "Fox news is a propaganda outfit"

A former employee of Fox News called the company a "propaganda outfit" that is determined to undermine the Obama administration and Democrats.

"I don't think people would believe it’s as concocted as it is; that stuff is just made up," the employee, whose name was kept anonymous, told the liberal media watchdog group Media Matters.

"They say one thing and do another," the former employee said. "They insist on maintaining this charade, this façade, that they’re balanced or that they’re not right-wing extreme propagandist."

"You have to work there for a while to understand the nods and the winks," the former employee added. "And God help you if you don’t because sooner or later you’re going to get burned."

The former employee's comments did not come as a surprise to many critics of Fox News, who have long suggested the channel is biased in favor of conservatives. The 2004 documentary film "Outfoxed: Rupert Murdoch's War on Journalism" criticized the channel and its owner, Rupert Murdoch, for skewing its reporting of events to promote conservative viewpoints.

"Like any news channel there’s lot of room for non-news content," the former employee continued. "The content that wasn't 'news,' they didn't care what we did with as long as it was amusing or quirky or entertaining; as along as it brought in eyeballs. But anything - anything - that was a news story you had to understand what the spin should be on it."

"If it was a big enough story it was explained to you in the morning [editorial] meeting. If it wasn’t explained, it was up to you to know the conservative take on it. There’s a conservative take on every story no matter what it is. So you either get told what it is or you better intuitively know what it is."

Internal emails obtained by Media Matters also showed that a seemingly spontaneous response concerning the Obama campaign canceling an appearance on a local news station to have been scripted by Fox News' producers,

In another e-mail obtained by the media watchdog, Fox News Washington Managing Editor Bill Sammon told his staff to downplay the importance of climate science that showed the globe's average temperature getting warmer.

Additional emails showed that Sammon asked his news department to refer to the public option as the "government run option" because polls showed the phrase "government option" was opposed by the public.

Perhaps not coincidentally, a poll gauging public trust in TV news found that PBS was the most trusted name in news, while trust in Fox News dropped significantly over the last year.

http://www.rawstory.com/rs/2011/02/fox-news-employee-stuff-up

Another example of this was the time they, along with Monsanto, tried to kill the story on how harmful a growth hormone given to cows was to human health. Which they ended up just editing it 80 some odd times. Check this out;

Posted by at No comments:
Subscribe to: Posts (Atom)