In English

ASP.NET and input validation against XSS

Today’s topic is XSS under ASP.NET and how validation filters and request filters work and are applied under ASP.NET. The Microsoft .NET framework comes with a request validation feature, configurable by the ValidateRequest setting. ValidateRequest has been a feature of ASP.NET since version 1.1. This feature consists of a series of filters, designed to [...]

What’s new in the Flash 10 security

The new version of Adobe Flash (actually 10 beta) has a variety of features and enhancements aimed at increasing security. You can read a detailed article by Trevor McCauley here: http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html It seems that the Adobe security is based on: require user interaction: to avoid automatic exploitation and warn the user about Flash actions new [...]

sqlmap 0.6 released

My friend inquis today released one of the best SQL injection tools available to the public: sqlmap. For those of you who do not know this tool yet, sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once [...]

A browser as a web hacking platform

A list of Firefox plugins to turn your browser into a hacking platform. This is an improved list based on "Turning Firefox to an ethical hacking platform" from Security-Database.com. Information gathering: Whois and geo-location: ShowIP: Shows the IP address of the current page in the status bar. It also allows querying custom services by [...]

Kaminsky DNS Vulnerability for dummies

The easiest and best explanation of Dan Kaminsky's DNS vulnerability that I found on the Net: An Illustrated Guide to the Kaminsky DNS Vulnerability by Steve Friedl
