Archive for June, 2008

SQL-Injection: Microsoft and HP help out?

Both Microsoft and HP have released a free set of tools that check web applications for weaknesses that revolve around poor parameter filtering, the kind that leads to SQL injection or XSS. HP has released Scrawlr, which is based on its commercial product, WebInspect. Wait a second, didn’t SPI Dynamics create WebInspect? [...]
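To make "poor parameter filtering" concrete, here is an added example (not code from the post, nor from Scrawlr or any Microsoft tool): a login query built by string formatting beside the same query with bound parameters, plus a simplified differential probe of the kind a black-box scanner runs. The table, the users and the `probe_for_sqli` heuristic are all constructed for this example.

```python
import sqlite3

# Constructed in-memory table so the example runs offline.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn

def login_vulnerable(conn, username: str, password: str) -> list:
    """Builds the statement by string formatting: whatever the user typed becomes SQL.
    This is the 'poor parameter filtering' a scanner is looking for."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(sql)]

def login_safe(conn, username: str, password: str) -> list:
    """Same query with bound parameters: the driver passes the values separately,
    so quotes and comment markers in them are never interpreted as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]

def probe_for_sqli(login, conn) -> bool:
    """Hypothetical, simplified differential check in the spirit of a black-box scanner:
    inject a tautology and a contradiction into the password parameter. If the tautology
    changes the result while the contradiction does not, the input reached the SQL parser
    as code rather than as data."""
    baseline = login(conn, "nobody", "nothing")
    tautology = login(conn, "nobody", "x' OR '1'='1")
    contradiction = login(conn, "nobody", "x' OR '1'='2")
    return tautology != baseline and contradiction == baseline

if __name__ == "__main__":
    conn = make_db()
    # 'alice' --  closes the string and comments out the password check
    print("vulnerable login bypass:", login_vulnerable(conn, "alice' --", "wrong"))
    print("parameterised login:   ", login_safe(conn, "alice' --", "wrong"))
    print("scanner verdict, vulnerable:", probe_for_sqli(login_vulnerable, conn))
    print("scanner verdict, safe:      ", probe_for_sqli(login_safe, conn))
```

The probe is deliberately the tautology/contradiction pair rather than an error-based check: a page that swallows database errors still leaks the difference between "every row" and "no row", which is why scanners compare responses rather than look for error text.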


Getting Certified (Part II): Security Certs

Well, what about security certifications? There are useful guides to certifications at about.com and dmiessler.com. Arguably, the best internationally known certifications listed there are CISSP and SCNP. One recent addition to this arena is the Certified Ethical Hacker (CEH). Its course outline provides a very good background on what you should know as a security tester. [...]


Getting Certified (Part I): General Thoughts

As in other fields of the computer industry, the big question is: do you want or need to get certified?
Experience counts for a lot, and one argument is that the material covered by a certification quickly becomes irrelevant, so you have to keep shelling out money to keep up with the accreditation. For example, I have a Sun [...]


Get a warm fuzzer feeling…

Fuzzers are not the stuff found in your belly button, but they can be thought of as something that randomly prods belly buttons. Seriously though, they are automated programs that look for vulnerabilities in applications by feeding them random or malformed input that could break them. Basically, you are looking at how applications respond. Are your try-catch-finally statements up [...]
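Here is an added example of the idea (not code from the post or from any particular fuzzer): a small mutation fuzzer run against a deliberately sloppy record parser, and then against the same parser with its missing checks. The parser format, the seed input and the mutation operators are all constructed for this example. The point is the one the post makes: inputs the target accepts become new seeds, the exception the parser documents (`ValueError`) counts as correct handling, and anything else that escapes is a crash worth recording.

```python
import random

# Constructed, deliberately buggy target: parses records of the form b"name:length:payload".
# Its documented failure mode is ValueError; anything else escaping it is a bug.
def parse_record(data: bytes) -> dict:
    parts = data.split(b":", 2)
    name = parts[0]
    length = int(parts[1])        # IndexError if there is no ':' at all (unchecked)
    payload = parts[2]            # IndexError if there is only one ':' (unchecked)
    if length != len(payload):
        raise ValueError("length field does not match payload")
    return {"name": name, "payload": payload}

def parse_record_fixed(data: bytes) -> dict:
    """Same parser with the missing checks, so every malformed input is a ValueError."""
    parts = data.split(b":", 2)
    if len(parts) != 3:
        raise ValueError("expected name:length:payload")
    name, length_field, payload = parts
    if not length_field.isdigit():
        raise ValueError("length must be a decimal number")
    if int(length_field) != len(payload):
        raise ValueError("length field does not match payload")
    return {"name": name, "payload": payload}

def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, delete, insert, truncate or repeat a tail."""
    if not data:
        return bytes([rng.randrange(256)])
    i = rng.randrange(len(data))
    op = rng.choice(("flip", "delete", "insert", "truncate", "repeat"))
    if op == "flip":
        return data[:i] + bytes([data[i] ^ (1 << rng.randrange(8))]) + data[i + 1:]
    if op == "delete":
        return data[:i] + data[i + 1:]
    if op == "insert":
        return data[:i] + bytes([rng.randrange(256)]) + data[i:]
    if op == "truncate":
        return data[:i]
    return data + data[i:]

def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 0,
         expected=(ValueError,)) -> dict:
    """Mutation fuzzer. Inputs the target accepts are kept as new seeds; exceptions listed
    in `expected` are the target rejecting bad input properly; anything else is recorded as
    a crash, keyed by exception type and message, with the first input that caused it."""
    rng = random.Random(rng_seed)      # fixed seed so a run is reproducible
    corpus = [seed]
    crashes = {}
    for _ in range(iterations):
        data = mutate(rng.choice(corpus), rng)
        for _ in range(rng.randrange(3)):       # stack up to two more mutations
            data = mutate(data, rng)
        try:
            target(data)
        except expected:
            continue
        except Exception as exc:                 # the target's try/catch did not cover this
            crashes.setdefault((type(exc).__name__, str(exc)), data)
        else:
            if len(corpus) < 64:                 # accepted input: keep it as a new seed
                corpus.append(data)
    return crashes

SEED_INPUT = b"user:5:hello"   # constructed seed that the parser accepts

if __name__ == "__main__":
    for fn in (parse_record, parse_record_fixed):
        found = fuzz(fn, SEED_INPUT, 2000)
        print(fn.__name__, "->", len(found), "distinct crash signature(s)")
        for (exc_type, msg), sample in found.items():
            print("   ", exc_type, msg, repr(sample))
```

Keying crashes by exception type and message is a crude stand-in for what a real fuzzer does with stack traces or coverage: it collapses thousands of inputs that hit the same missing check into one finding, which is what you actually want to read after a run.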


Hide’n’seek

A Japanese lady managed to live undetected for a whole year. Now, an ideal physical attack is to somehow get someone inside a building undetected, keeping a low profile and staying over. A well-protected building would likely stop this attack. Naturally, you’ve got to know a lot about the building in question before even [...]