Showing posts with label coding. Show all posts
Showing posts with label coding. Show all posts

Friday, January 30, 2009

Protecting users from password theft

A very good article from Chris Eng (Veracode), about how developers can design a strong password scheme in the applications to protect users from password theft. 

Suppose that your database is stolen (hope no) is  the data protected? the thiefs could revert back the passwords easily?  In my lasts pentest the passwords were stored in clear texts..... so it's common practice to have the password stored in an insecure way, or even clear text.

Here is a good practice for your developers or customers:

Veracode - How to protect your users from password theft

-CMM
By - No comments:
Labels: ,

Thursday, December 4, 2008

Python Regexp tester

When you are coding in python and need to use a regular expression, i always end up firing up a python interpreter and trying the regexp on the fly, now i discovered www.pythonregex.com , a web application created over Google App Engine that allows you to try regular expressions without having to code a line, you just need to write the regexp and put the string or text where do you want to apply it.


Give a try here

-CMM
By - No comments:
Labels: ,
Subscribe to: Posts (Atom)

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...

  • Wfuzz 2.1 released !
    I'm pleased to announce  a new version of WFuzz! Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for findi...
  • Scan for shellshock with wfuzz
    In the last few weeks everyone has been talking about Shellshock, the vulnerability affecting bash and having security ramifications everyw...
  • Wfuzz 2.2.0 released
    I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...