Skipfish – Automated web security scanner

A couple of days ago (March 19th) Michal Zalewski, famous for tools such as p0f and for his excellent book ‘Silence on the Wire’, announced the release of Skipfish, an open source automated web security scanner, on the Google Online Security Blog.

Key features:

High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.

Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.

Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.


Posted on 21 March, 2010 by ethicalhack3r


OWASP Testing Methodology

It is very easy for someone to find an XSS vulnerability within a web application and write a report about it. According to WhiteHat Security (2007) there is a 73% chance that you will find an XSS vulnerability within a web application. Does finding one of these mean you have assessed the security of the web application? Let’s take a web application vulnerability that is ‘seen’ to be more critical. Again, according to WhiteHat Security, you have an 18% likelihood of finding an SQL Injection vulnerability within a web application. So during the web application security assessment you have found an SQL injection vulnerability, and the back end DBMS is a version of Microsoft SQL Server which has ‘xp_cmdshell’ enabled by default. You manage to get a reverse shell and acquire a copy of the database. Great! By gaining shell access to the server, does that mean you have properly assessed the security of the web application? No!


Posted on 8 March, 2010 by ethicalhack3r


WordPress >= 2.9 Failure to Restrict URL Access

1. *Advisory Information*

Title: WordPress >= 2.9 Failure to Restrict URL Access
Date published: 13/02/2010

2. *Vulnerability Information*

Class: Failure to Restrict URL Access
Remotely Exploitable: Yes
Locally Exploitable: Yes


Posted on 13 February, 2010 by ethicalhack3r


Writing reports – Oh noes!

Report writing has a bad reputation: everyone seems to hate writing reports and believes them to be the anticlimax of the assessment process. I haven’t been writing reports for very long, and the reports that I have written I have enjoyed; no doubt in time the novelty will wear off and I will grow to hate them too. There are however lessons that I have learnt in my short report writing experience which I believe could have made my report writing that little bit easier and less time consuming. Those lessons I am going to share with you, and if you’re just starting out in your report writing duties hopefully these can help you too. Or if you’re a report writing guru, share your tips with me! The reports I have written are mainly web application assessments, so I will concentrate on those.


Posted on 30 January, 2010 by ethicalhack3r


Ethical Hacking / Security University Degrees UK

One of the most popular posts on my blog is the Guest post: Current Available UK Degrees by 1337speak in April last year. I have decided to update the list to keep the information up to date.

Those of you who know me will know that I myself am enrolled on one of these University courses. I believe that if you’re starting out in security and want to make a career out of it, this may be the best place to start. For me the course has done wonders, not only in what I have learnt but also in the people I’ve met and the drive it has given me to succeed in my chosen career.


Posted on 25 January, 2010 by ethicalhack3r
