Seeker

Seeker is a powerful web application vulnerability scanning tool that uses a groundbreaking technology, BRITE™ (Behavioral Runtime Intelligent Testing Engine), which enables comprehensive searches for application vulnerabilities.

After identifying vulnerabilities it automatically exploits them and reports the results in a video.

Seeker comprises unmatched innovative technologies that generate zero false positives and enable tests of complex applications within several minutes.

Seeker assimilates seamlessly into the application environment while it learns the application behavior from the inside, identifying problematic code that no other existing tool can find.

Seeker is intuitive and automated; it demands no more than beginner-level technological or security knowledge, thus providing a strong and robust secure solution for QA and development teams at all levels.

Seeker gives its operator visibility regarding the routes followed by the tested application, and is able to track code flow through synchronous and asynchronous tiers and components in distributed architectures.

Seeker homepage

Article on TechCrunch

This codelab is built around Jarlsberg /yärlz’·bərg/, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Jarlsberg and in general.

Jarlsberg

“Searching the Internet to create relevant word lists.”

That is the motto of the website. It already says a lot, but I’ll give a quick description in case you might need more:

AWLG allows you to build a wordlist, for your various password cracking needs and not only, formed out of words found in relation to specific keywords of your choice that are searched for on the web using search engines (I don’t know which one(s), I suspect Google only though :)). You can also add exclusion keywords to narrow down your search in case you know of such bloat keywords that might interfere with the effective search of your target keywords. A number of additional options for further narrowing of the results are also offered, like leetspeak or capitalization. Read more on the about page or roll your eyes over the example use cases.

www.awlg.org


Hacker’s stackoverflow

You can find it at nkvd.ro, if you have questions to ask or even better, answers to give, join NKVD’s initiative and start sharing the knowledge you have been eagerly gathering but never really had the chance to share it in an easy way. 🙂

http://nkvd.ro


Albert Gonzalez at the 2001 DefCon hackers' convention in Las Vegas

Twenty years at least for now, because there’s a second conviction on a second trial to be made, on which he could get up to 25 years. The court has agreed to his serving the sentences concurrently, though, which means that if he gets more than 20 years in the second case then he will serve that one; if not, he will serve the first one, so to speak.

Read more here.


skipfish

A fully automated, active web application security reconnaissance tool. Key features:

  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The post announcing the tool:

http://googleonlinesecurity.blogspot.com/2010/03/meet-skipfish-our-automated-web.html

The project page at Google Code:

http://code.google.com/p/skipfish/

Skipfish documentation:

http://code.google.com/p/skipfish/wiki/SkipfishDoc

The tool is written by lcamtuf, who joined Google a few years ago. 🙂
