Sunday, January 27, 2008

Ajax security



Are you interested in learning about Ajax security? I did, so i got the book "Ajax Security" by Hoffman and Sullivan (2007, Addison Wesley, 470 pages), and it is really useful. The book is well organized, the explanations are very clear and the examples well chosen.

I learned a lot about Ajax and the security implications of this technology with this book, i highly recommend it.


Ajax Security, Addison Wesley

Check the content table

Metasploit 3.1

Well some time ago i posted about the Metasploit GUI, now the new version (3.1) has the GUI and the assistant polished, and the exploit number went up to 267!!

This project is growing and improving in every release :)

I downloaded the RC for windows and i liked a lot, here are some screenshots:













Wanna try the GUI in the new release?

https://metasploit.com/framework-3.1-rc1.exe
https://metasploit.com/framework-3.1-rc1.tar.gz

Enjoy :)

Friday, January 11, 2008

Portbunny - Port scanning improvement


A new port scanner has been released by the Recurity Labs guys (FX), it has some improvements over the well known scanners (Nmap). It's was developed for the security professionals, with performance in mind. As stated in Portbunny webpage:



"PortBunny is a Linux-kernel-based port-scanner created by Recurity Labs. Its aim is to provide a reliable and fast TCP-SYN-port-scanner which performs sophisticated timing based on the use of so called "trigger"-packets. The port-scan is performed in 2 steps: First the scanner tries to find packets, to which the target responds ("triggers"). Second, the actual port-scan is performed. During the scan, the triggers, which were found in the first scanning-phase, are used to determine the optimal speed at which the target may be scanned."

Portbunny webpage

Enjoy.

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...