sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 

Current Page: 1 of 1
Results 1 - 5 of 5
5 years ago
bin4ry
Hi together, I've seen this "securing webgoat with modsecurity" project (http://www.owasp.org/index.php/Category:OWASP_Securing_WebGoat_using_ModSecurity_Project) and this is exactly what I am looking for: I'd like to have a vulnerable web app with a WAF in front of it. Now I'd like to do some assessment tests. However, unfortunately there are very few tips on how to set up the
Forum: Projects
5 years ago
bin4ry
Thanks to all you guys. I'll check out the resources you provided me when I am back home. And I'll definitely engage your offer to ask specific questions when it's time to perform practical things. I guess I'll assess the core rules since it is quite realistic that ModSecurity users will have them in place. At first thanks again.
Forum: Projects
5 years ago
bin4ry
Hi together, Hope this is the right section. I'm a student at a German university and I'm working on my bachelor thesis. The subject is Web Application Firewalls. One practical part of this work is an assessment of one of those WAFs. Since I can choose which product I'm going to test, I think I'll stick to ModSecurity. I'll place some vulnerable apps behind ModSecurity (some self-made ones
Forum: Projects
6 years ago
bin4ry
And another question: If a website utilizes user input to form an address the user gets redirected to (by sending an HTTP 302 header), is there always the risk of HTTP response splitting? If not, what are the conditions influencing the scenario? How can one manipulate and detect them? Cheers
Forum: CSRF and Session Info
6 years ago
bin4ry
Hey together, I'm new to this community although I often visited ha.ckers.org. I got a webapp which I should look for webapp vulns. I need to do blackbox testing and I found some XSS plus some SQL injections. Then I found this one: foo.bar/accept?dest=/xy/z This looks like a redir-script, right? So this is what I get: GET foo.bar/accept?dest=/xy/z HTTP/1.1 Host: foo.bar User-
Forum: CSRF and Session Info