Tuesday, May 24, 2005

Advisory on securitytracker

Recent finding on ASP.NET is posted on security tracker.
Read Here

Monday, May 23, 2005

Domain Footprinting Paper

Featured on HNS and also posted on infosecwriters. The methodology discussed in the paper is implemented in wschess toolkit.
Read Here

Read Here

wschess you can down load from here

Wednesday, May 18, 2005

ASP.NET web services advisory

Microsoft ASP.NET Web Services.
Unhandled exception leads to file system disclosure and SQL injection.
Read Here

Tuesday, May 17, 2005

wschess beta 1.2 release

Changes are as follows

1. Doamin footprinting is added to wspawn. Methodlogy is discussed in paper [Read]
2. wspawn threading is much more controlled now with option to stop.
3. wspawn's command line is also posted which can run under linux with mono.

Planning to add few more audit/attack modules for xpath,xss,ldap etc in wsknight in next release.

Friday, May 13, 2005

Monday, May 09, 2005

Paper appeared on HNS (IHTTPModule for .Net)

Web Application Defense At The Gates – Leveraging IHttpModule
It is featured on HNS.
Read Here