Everything which goes around me 24×7
Ever since serious efforts are made to bring new legislation, Stop Online Piracy Act (SOPA) there are mixed reactions across the tech community. Many feel that it will curb online freedom. As a matter of fact, freedom of speech, expression and thought are guaranteed by constitutions of majority of governments in the world. SOPA which [...]
Read More...
ZeroDayScan in an online scanner which can scan your site for the following issues: Detects Cross Site Scripting attacks (XSS) Detects Hidden Directories and Backup Files Looks for Known Security Vulnerabilities Searches for SQL Injection Vulnerabilities Automatically detects zero day bugs Performs Website Fingerprinting Once the service finishes scanning your site for issues and vulnerabilities, [...]
Read More...
Google has released a Web Application Security Scanner over at Google Code. This can be used to scan you site for possible security issues which might be lurking around. Skipfish prepares an interactive site-map for the targeted site by carrying out a recursive crawl and dictionary-based probes. This scanner is easy to setup on an [...]
Read More...
Image via Wikipedia When I talk to developers about security in web development, I usually get the answer that the security is taken care by the systems team by securing the server and by using the https protocol. In reality that is just the tip of the iceberg on security. There’s much more you should [...]
Read More...
After HP & Microsoft’s security tool, Google’s gotten onto distribuing a Security Audit tool. Here’s Ratproxy which is a passive web security audit tool based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, [...]
Read More...
Scrawlr is short for SQL Injector and Crawler, a tool developed by the HP Web Security Research Group in coordination with the Microsoft Security Response Center in response to the widespread SQL injection attacks on the web. “Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection [...]
Read More...
Google Doctype is an open encyclopedia and reference library. Written by web developers, for web developers. It includes articles on web security, JavaScript DOM manipulation, CSS tips and tricks, and more. The reference section includes a growing library of test cases for checking cross-browser and cross-platform compatibility. This site’s currently got some good HOWTOs on [...]
Read More...
Inspekt is a PHP library that makes it easier to write secure web applications, which works on PHP 4 and 5 and has no external dependencies. Inspekt acts as a sort of ‘firewall’ API between user input and the rest of the application. It takes PHP superglobal arrays, encapsulates their data in an “cage” [...]
Read More...
If you’re looking at deploying a secure production server for PHP, then you’ve got to check out this tutorial. The tutorial outlines the following : System they’ll be using (operating system, functionality assumed, security assumptions) Preparing the software Installing PHP Chrooting the server Configuring PHP Protecting against CSS and SQL injection attacks Link: Securing PHP [...]
Read More...
If you want to detect and act on XSS probes and attacks on your PHP web application without too much of coding, here’s a project which delivers. It’s called PHPIDS. It’s an IDS for your PHP application which scans your inputs (without sanitizing it) and checks for XSS attacks based on a rule set. You [...]
Read More...
Subscribe to this site's RSS feed.