SecurityFeed.info » CGISecurity.com: Your Web Site and Application Security Resource

Feeds

57253 items (57253 unread) in 90 feeds

• Aviv Raff On .NET (29 unread)
• Bugtraq (bugtraq) Mailing List (2875 unread)
• CGISecurity.com: Your Web Site and Application Security Resource (415 unread)
• christian's weblog (25 unread)
• Irongeek's Security Site (344 unread)
• Jeremiah Grossman (191 unread)
• Heorot.net (19 unread)
• milw0rm.com (1332 unread)
• Nmap Hackers (nmap-hackers) Mailing List (27 unread)
• Rootsecure.net (3276 unread)
• SecuriTeam.com (645 unread)
• Security Vulnerability Research & Defense (147 unread)
• SecurityFocus News (436 unread)
• SecurityFocus Vulnerabilities (2715 unread)
• Securityvulns news channel (1749 unread)
• SecWatch - Latest Exploit Alerts (10 unread)
• Taking Network Security to the Streets (28 unread)
• The One And Only Matt Parnell.com (86 unread)
• The Register - Security (2373 unread)
• The Register - Software (2752 unread)
• VulnWatch (vulnwatch) Mailing List (19 unread)
• Web App Security (webappsec) Mailing List (433 unread)
• IceСμbeς (15 unread)
• Linmagazine (760 unread)
• ‫netcraft Bytes :) (130 unread)
• Blonde 2.0 (219 unread)
• The Microsoft Security Response Center (MSRC) (175 unread)
• (IN)SECURE Magazine Notifications RSS (45 unread)
• 0x000000 Security (95 unread)
• ----- Anti-Malware ----- Analysis and Defense (16 unread)
• Apple Fun (25 unread)
• Technorati Search for: aviv.raffon.net (368 unread)
• C.I.S.R.T. (25 unread)
• Determina Zero-Day Protection (6 unread)
• Didier Stevens (157 unread)
• eEye Digital Security - Research Blog (12 unread)
• Ryan Naraine's Security Watch (489 unread)
• Security - RSS Feeds (1103 unread)
• Exploit Prevention Labs (28 unread)
• Software Vulnerability Exploitation Blog (22 unread)
• F-Secure Antivirus Research Weblog (473 unread)
• Full Disclosure (1289 unread)
• George Ou (10 unread)
• GNUCITIZEN Media Portfolio (157 unread)
• ha.ckers.org web application security lab (136 unread)
• heise security (1866 unread)
• invisiblethings' blog (57 unread)
• Jeff Jones's blog (13 unread)
• JScript Blog (26 unread)
• Matasano Chargen (74 unread)
• McAfee Avert Labs (357 unread)
• Michael Howard's Web Log (46 unread)
• PandaLabs (228 unread)
• Zero Day (874 unread)
• SANS Internet Storm Center, InfoCON: green (1121 unread)
• Latest Secunia Security Watchdog Blog Entries (71 unread)
• SecuriTeam Blogs (248 unread)
• Security Fix (494 unread)
• HP ASC Portal (30 unread)
• Strike Center (12 unread)
• Sunbelt Blog (915 unread)
• Sunnet Beskerming Security Advisories (149 unread)
• Technobabylon
• The Recurity Lablog (34 unread)
• Wired: Threat Level (1468 unread)
• TrendLabs | Malware Blog - by Trend Micro (637 unread)
• Uninformed Journal (49 unread)
• WabiSabiLabi's blog (23 unread)
• WatchGuard Wire (135 unread)
• Latest Blog Entires From WebSense Security Labs (165 unread)
• Hackszine.com (665 unread)
• DVLabs: Blogs (146 unread)
• Errata Security (177 unread)
• Robert Hensing's Blog (93 unread)
• PaulDotCom Community Blog (14 unread)
• David LeBlanc's Web Log (34 unread)
• Billy (BK) Rios (29 unread)
• David Litchfield's blog (22 unread)
• Farfromr00tin (27 unread)
• aut disce, aut discede (17 unread)
• pwn* (26 unread)
• hackademix.net (106 unread)
• SecurityDot Vulnerabilities (1939 unread)
• Vulnerabilities & Exploits (87 unread)
• Malicious Code (100 unread)
• Security Risks (66 unread)
• Digg / Security / upcoming (17411 unread)
• digg.com: News / Security / Popular (401 unread)
• DarkReading - Security News (969 unread)
• DarkReading - All Stories (151 unread)

CGISecurity.com: Your Web Site and Application Security Resource (10 unread)

• March 04, 2010
• 19:31

  Cryptography experts bicker with former NSA director at RSA panel

   » ‎ CGISecurity.com: Your Web Site and Application Security Resource
  I recently attended RSA and had a chance to see the cryptography panel. Towards the end of the panel an amusing amount of bickering began between the former NSA technical director (Brian snow) and folks such as Whit Diffie (inventor of diffie hellman key exchange), and Adi Shamir (co founder of RSA...
• March 01, 2010
• 19:30

  Web Security Dojo v1.0 release

   » ‎ CGISecurity.com: Your Web Site and Application Security Resource
  From the announcement "Web Security Dojo is a turnkey web application security lab with tools, targets, and training materials built into a Virtual Machine(VM). It is ideal for both self-instruction and training classes since everything is pre-configured and no external network connection is needed. All tools and targets are configured to use...
• 19:28

  Watcher 1.3.0 passive Web-vulnerability testing tool released

   » ‎ CGISecurity.com: Your Web Site and Application Security Resource
  "A new update to the Watcher passive vulnerability detection and security testing tool has been released. Watcher is an open source addon to the Fiddler Web proxy that aids developers, auditors, and penetration testers in finding Web-application security issues as well as hot-spots for deeper review." - Casabasecurity The full announcement can...
• February 24, 2010
• 19:26

  XSS, SQL Injection and Fuzzing Barcode Cheat Sheet

   » ‎ CGISecurity.com: Your Web Site and Application Security Resource
  Someone has published an amusing cheat sheet that will allow you to fuzz barcode scanning systems for common input validation issues such as XSS and SQL Injection. They even provide an online barcode generator which allows you to create your own payloads. Not much else to say really :) Link: http://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php
• February 23, 2010
• 0:32

  Multiple Adobe products vulnerable to XML External Entity Injection And XML Injection

   » ‎ CGISecurity.com: Your Web Site and Application Security Resource
  I haven't really been posting advisories on this website for the past year, however a series of XML Injection/XXe vulnerabilities in Adobe products caught my eye. XML Injection is to web services, what XSS is to web pages (an attacker controllable application response able to perform abuses against the consumer). This advisory...
• February 17, 2010
• 20:10

  Post on Abusing Windows Communication Foundation to Perform Remote Port Scans

   » ‎ CGISecurity.com: Your Web Site and Application Security Resource
  Brian Holyfield has published an entry on using Windows WCF to perform backend port scanning. This is possible due to the callback functionality WCF provides. From his article "Last weekend at Shmoocon, I demonstrated how an attacker can trick certain WCF web services into performing an unauthorized port scan of machines behind...
• February 16, 2010
• 21:05

  2010 SANS Top 25 Most Dangerous Programming Errors Released

   » ‎ CGISecurity.com: Your Web Site and Application Security Resource
  I was luck enough to assist in this project and I must say that a lot of great discussions took place. Unlike many other top x security lists, SANS/MITRE's methodology is fairly extensive and well documented giving you insight into how decisions were made. I do want to point out that top...
• February 08, 2010
• 23:37

  Larry Suto Web Application Security Scanner Comparison Report Inaccurate Vendors Say

   » ‎ CGISecurity.com: Your Web Site and Application Security Resource
  Larry Suto published a report comparing the various commercial web application security scanners. As you'd expect the vendors are likely to respond about how inaccurate the report is, however in this case both HP and Acunetix argued valid points. From Acunetix "They were not found because Larry didn’t authenticated our scanner (didn’t...
• February 03, 2010
• 20:29

  R.I.P. Apache 1.x: Apache 1.3.42 marks of end life

   » ‎ CGISecurity.com: Your Web Site and Application Security Resource
  The latest version of Apache 1.3.42 is the last 1.3 version of Apache that will be released. I admit I've been running 1.3 for ages now due to it being rock solid and having a decent security track record. The announcement states that security patches 'may be available' at http://www.apache.org/dist/httpd/patches/ but consider...
• February 02, 2010
• 22:44

  Nikto version 2.1.1 released

   » ‎ CGISecurity.com: Your Web Site and Application Security Resource
  Sullo has sent the following announcement to the full disclosure mailing list indicating a new release of Nikto. "I'm happy to announce the immediate availability of Nikto 2.1.1! Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs,...