border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Friday, June 17, 2011

OWASP Web Testing Live CD

 WASP Web Testing LiveCD (2011) | 650 MB

OWASP LiveCD - contains a selection of programs to test the safety and performance audit of the code of web-applications, acts as an analog of the well-known tool for testing network security BackTrack, but specializes in the web. Last Release OWASP LiveCD was released in 2007, last summer decided to complete processing of the distribution.

The composition of OWASP LiveCD includes programs such as Httprint to determine the type http-server on circumstantial evidence, vulnerability scanners in web-applications Grendel Scan and w3af, utilities to identify opportunities to introduce SQL code SQLiX and sqlmap, means of brute force, the local proxy WebScarab , Paros Proxy, Rat Proxy and Burp Suite, Firefox c 1925 amendments to debug sites. 

Thus, the very ten most dangerous threats: 
A1 Injection (injection of any kind, including SQL, LDAP, etc.) 
A2 Cross Site Scripting (not lost relevance XSS) 
A3 Broken Authentication and Session Management (errors in the architecture of the authentication and session management) 
A4 Insecure Direct Object References (unprotected resources and facilities, we can recall the case with SVN) 
A5 Cross Site Request Forgery (CSRF) 
A6 Security Misconfiguration (unsafe configuration of the environment, different frameworks, platforms) 
A7 Failure to Restrict URL Access (unauthorized access to functionality that requires special privileges - such as bypassing the validation c using a double slash "/" in the URL to gain access to the management of a blog in Wordpress) 
A8 Unvalidated Redirects and Forwards (open redirects, which lead to phishing, HTTP Response Splitting and XSS) 
A9 Insecure Cryptographic Storage (unsafe storage of important data) 
A10 Insufficient Transport Layer Protection (lack of protection for data in transit at the transport level, such as HTTP instead of HTTPS).


No comments:

Post a Comment


Twitter Delicious Facebook Digg Stumbleupon Favorites More