A Seattle software developer is stirring anxiety with a new add-on program for the popular Web browser Firefox that allows amateur hackers under the right circumstances to gain access to accounts on popular services such as Facebook and Twitter.
The program, called Firesheep, makes it far easier to intercept browser cookies used by those sites to identify users. Hackers can then log into those sites posing as those users.
It only works on a shared wireless network, according to the programmer, Eric Butler, who unveiled the program at a hacker conference in San Diego on Sunday to draw attention to security vulnerabilities.
GreenSQL is a free new Open Source database firewall for protection from SQL injection attacks. It works as a reverse proxy and has built-in support for MySQL. The logic is based on evaluating SQL commands with a risk-scoring matrix as well as blocking known database administrative commands (DROP, CREATE, etc.). GreenSQL is distributed under the GPL license. It runs its checks against a blacklist and a whitelist before allowing clients access to the SQL server. There is an online demo on the website as well; below is a snapshot from it.
Typical setup:
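As an added illustration of the approach the text describes (whitelist first, then a blacklist of administrative commands, then a risk-scoring matrix), here is a small Python evaluator. This is constructed example code, not GreenSQL's own rules or implementation; the patterns, weights and threshold are assumptions chosen for illustration.

```python
import re
from typing import Set, Tuple

# Assumed list of administrative commands that are blocked outright
# (the text names DROP and CREATE; the rest are constructed additions).
ADMIN_COMMANDS = {"DROP", "CREATE", "ALTER", "TRUNCATE", "GRANT", "REVOKE", "SHUTDOWN"}

# Constructed risk-scoring matrix: each matching pattern adds its weight.
RISK_MATRIX = [
    (re.compile(r"--|/\*|#"), 3),                              # SQL comment, often used to cut off the query tail
    (re.compile(r"\bOR\b\s+\S+\s*=\s*\S+", re.I), 4),          # tautology such as OR 1=1
    (re.compile(r"\bUNION\b", re.I), 4),                       # UNION-based data extraction
    (re.compile(r";\s*\w"), 3),                                # stacked statements
    (re.compile(r"\b(information_schema|mysql\.user)\b", re.I), 4),  # catalog probing
    (re.compile(r"\b(sleep|benchmark|load_file|into\s+outfile)\b", re.I), 5),  # time/file primitives
]
BLOCK_THRESHOLD = 5  # assumed cut-off: at or above this score the query is blocked


def normalise(query: str) -> str:
    """Collapse whitespace so spacing tricks do not defeat the patterns."""
    return re.sub(r"\s+", " ", query.strip())


def risk_score(query: str) -> int:
    """Sum the weights of every matrix pattern found in the query."""
    q = normalise(query)
    return sum(weight for pattern, weight in RISK_MATRIX if pattern.search(q))


def evaluate(query: str, whitelist: Set[str]) -> Tuple[str, int]:
    """Return (decision, score) in the order the text describes:
    whitelist, then admin-command blacklist, then the risk matrix."""
    q = normalise(query)
    if q in whitelist:
        return "allow", 0  # exact whitelist hit: allowed regardless of content
    first_word = q.split(" ", 1)[0].upper()
    if first_word in ADMIN_COMMANDS:
        return "block", 0  # known admin command: blocked regardless of score
    score = risk_score(q)
    return ("block" if score >= BLOCK_THRESHOLD else "allow"), score


if __name__ == "__main__":
    for sql in ["SELECT id FROM users WHERE name = 'alice'",
                "SELECT id FROM users WHERE name = 'x' OR 1=1 -- ",
                "drop table users",
                "SELECT 1; SELECT 2"]:
        print(evaluate(sql, set()), sql)
```

Note that a single mid-weight signal (the stacked-statement case) stays below the threshold and is allowed with a non-zero score, which is why such a proxy logs the score rather than only the decision.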
Traditional firewalls filter traffic based on protocols and ports, and there is some level of protocol inspection as well, yet we still see attacks carried out by an attacker using nothing more than a browser. Unlike a traditional firewall, a web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation.
ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
w3af is a Web Application Attack and Audit Framework. It is a tool that provides a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross-site scripting (XSS), local and remote file inclusion and much more.