Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 

Current Page: 1 of 3
Results 1 - 30 of 71
4 years ago
zeno
http://www.cgisecurity.com/2010/04/rsnake-joins-google.html
Forum: News and Links
4 years ago
zeno
The Web Application Security Consortium (WASC) is pleased to announce the long awaited release of the WASC Threat Classification v2.0. The Threat Classification is an effort to classify the weaknesses and attacks that can lead to the compromise of a website, its data, or its users. This document's primary purpose is to serve as a reference guide for common attacks and weaknesses. Main
Forum: News and Links
5 years ago
zeno
Yes I owe you an evening of Budweiser, formerly known as America's greatest beer ever</sarcasm>
Forum: News and Links
5 years ago
zeno
Ok, who's going to AppsecDC other than RSnake?
Forum: News and Links
5 years ago
zeno
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative industry-wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. The statistics include data about 12186 sites with 97554 detected
Forum: News and Links
5 years ago
zeno
The Web Application Security Consortium is pleased to announce the release of version 1 of the Web Application Security Scanner Evaluation Criteria (WASSEC). The goal of the WASSEC project is to create a vendor-neutral document to help guide information security professionals during web application scanner evaluations. The document provides a comprehensive list of features that should be co
Forum: News and Links
5 years ago
zeno
Not a new concept, but not discussed much publicly. http://tacticalwebappsec.blogspot.com/2009/09/distributed-brute-force-attacks-against.html
Forum: News and Links
5 years ago
zeno
I've decided to start publishing tcv2 sections as we complete them, rather than continuing the wait. http://projects.webappsec.org/Threat-Classification-Working Comments welcome! (other than formatting, currently working on this :)
Forum: News and Links
5 years ago
zeno
"If you've worked in information security you've likely had to report a security defect to development in an effort to remediate the issue. Depending on your organization and its culture this can be a rather difficult task. As an information security professional it is your job to detect, communicate, and see to the remediation of such issues in your company as these issues are discovered. Li
Forum: News and Links
5 years ago
zeno
French people just need a reason to protest. Soon protesting protests, stay tuned!
Forum: News and Links
5 years ago
zeno
In the tradition of Month of Bugs we're pleased to announce the month of security buzzwords, complete with abbreviations. Link: http://www.cgisecurity.com/2009/04/month-of-new-security-buzzwords.html
Forum: News and Links
5 years ago
zeno
Abstract "Transparent proxies allow organizations to influence and monitor the traffic from its users without their knowledge or participation. Transparent proxies act as intermediaries between a user and end destination, and aren't generally apparent to users sitting behind them. Enterprises, Hotels, and Internet Service Providers often use transparent proxy products to lower bandwidth cons
Forum: News and Links
5 years ago
zeno
My company laid off 1500; we wish it was only 100. Cutting 10% off of workforces in this market is pretty standard nowadays.
Forum: News and Links
5 years ago
zeno
Please ping Romain the project leader (his email is on that page).
Forum: News and Links
5 years ago
zeno
WASC has published similar material that maps the javascript event handlers to each html tag, to each major browser. Good for xss testing. The Script Mapping Project http://www.webappsec.org/projects/scriptmapping/ Grid http://www.webappsec.org/projects/scriptmapping/ScriptMapping_Release_26Nov2007.html
Forum: News and Links
5 years ago
zeno
More discussion at http://www.cgisecurity.com/2009/01/web-application-scanners-comparison.html
Forum: News and Links
6 years ago
zeno
I was at Bluehat ( http://www.cgisecurity.org/2008/10/my-trip-to-blue.html ) and saw your talk. The CSSH demo was good at automatically demonstrating the problem. Good work. - zeno
Forum: News and Links
6 years ago
zeno
> "Do iframes offer any sort of protection?"
>
> LOL

Don't laugh. The reason I asked this question is that some people have been wondering if iframes offer any sort of protection so thought I'd include it in the interview to clarify things. This may be common sense to some of us, but I'm hearing this question pop up from time to time.
Forum: News and Links
6 years ago
zeno
Pretttttttty pictures :) Thanks for the heads up I'll post this on cgisec in a bit.
Forum: News and Links
6 years ago
zeno
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007 (http://www.webappsec.org/projects/statistics/). This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain whi
Forum: News and Links
6 years ago
zeno
Are any of you really that surprised that Google has vulnerable code? Name me one product that when it came out didn't have vulns discovered. - zeno http://www.cgisecurity.com/
Forum: News and Links
6 years ago
zeno
I've written a rant on when WAFs are useful as someone with experience developing a WAF and deploying it as a customer. http://www.cgisecurity.com/2008/06/10
Forum: News and Links
6 years ago
zeno
http://www.cgisecurity.org/2008/08/affiliate-progr.html
Forum: News and Links
7 years ago
zeno
This project isn't to promote blacklist filtering, simply to provide the raw data that can be used in various ways, such as how Gareth would use it. - zeno
Forum: News and Links
7 years ago
zeno
A rant of mine a few of you may find interesting. RANT: Performing Distributed Brute Forcing of CSRF vulnerable login pages http://www.cgisecurity.com/2007/12/08 - zeno
Forum: News and Links
7 years ago
zeno
rsnake Wrote:
-------------------------------------------------------
> I know this is old, buuuut, I've gotten two emails about this in the last two days, might as well paste the same thing here about my own hardening efforts:
>
> I've removed every function that writes to any place outside of the database. I've made the disc non-writable anyway
>
Forum: News and Links
7 years ago
zeno
Wow this site has turned into johnnyihackstuff. :)
Forum: News and Links
7 years ago
zeno
More coverage here http://www.cgisecurity.com/2007/08/03
Forum: News and Links
7 years ago
zeno
ionic Wrote:
-------------------------------------------------------
> We also don't understand why you need to build groups like OWASP, PHPSEC, WASC and all the other consortia that are more marketing instruments than security groups.

I can't speak on behalf of all of these groups but I can say a few points. Many contributors want something out of it beyond helping th
Forum: News and Links
7 years ago
zeno
Ronald Wrote:
-------------------------------------------------------
> Still, what is new Zeno?

all things I have seen I stated speaking as they come out, not re-speaking about them for marketing purposes (sometimes to major news sites) on a monthly/bi-monthly/Quarterly basis. Writing new content on an older subject I find to be acceptable as long as there is value brought to the tabl
Forum: News and Links