23 February 2010

Details of Web App Vulnerabilities Removed

Hey all,

Just to let you know I've removed all the details of the vulnerabilities identified on the following sites:

www.bt.com
www.nhs.uk
www.sony.com
www.three.co.uk
www.linksys.com

05 February 2010

The Web Application Hacker's Handbook: A book that every penetration tester should have on their desk!

I've been meaning to write a review on this book for a while now, and I just never seem to be able to get around to it for some reason.

To be honest, if you're into web application hacking, then I'm pretty sure that you've probably already purchased this tome of knowledge; if you haven't, what are you waiting for?

This book covers a lot of the intricacies of web application penetration testing, and it really has proved to be an invaluable resource to me. Let's put it this way: I actually have 2 copies, one for the office and another for home.

This is also an amazing read for any web application developer, as it shows you the kind of things to look out for and how to mitigate them, so you help us to help you!

In the interest of full disclosure

Over the next couple of days I will be publicly releasing the information and screenshots of some XSS-vulnerable sites that I identified and reported at the beginning of January. Some of these have now been fixed; the owners of others have ignored my e-mails and LinkedIn contact attempts. So I will be naming, shaming and sharing all the gory details in the next few days! --Full disclosure is responsible disclosure