web application security

Plus ca change, plus c'est la meme chose.  read more »

Interconnectivity is a blessing and a serious curse. The net provides us various ways to communicate with other people or other systems. Like everything else it has a downside. The reason why so many cyber criminals can get away with their obnoxious acts against humanity, is because of how the net was designed and how computers and networks function. It's almost impossible to stop misuse of services for any kind of exploitation. Whether it be the use of proxies, or hijacked servers or just bombarding mail servers, it will be with us so long we use TCP/IP.  read more »

After this 'breaking news' of file disclosure last day, I went on and had a look at their whole site from a distance. A few non malicious vectors learned me that they have cross site scripting holes, but more important SQL injection points and Cold Fusion HTML and SQL injection. I will not disclose them here nor to Fox. No free lunch this time, I hope they will take this very seriously and hire a proper security auditor to pentest their whole system. Let this be a wakeup call.  read more »

Here is your one time chance. Detect hackers while they are trying to exploit your web page. Yes you read it correctly: finally you can detect people like me :) that are sniffing around your system. Want to be top notch with your web application security? then I would advise you to try the PHP IDS out.Christian and Mario worked on this project for a few months now and they just released their final version of their PHP IDS. Now you don't have any excuse anymore, go download it and use it.http://christ1an.blogspot.com/2007/06/php-ids-released.html