Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Tool availability - browser DOM Checker

from [Michal Zalewski] Network Security [Permanent Link]
Subject: [Full-disclosure] Tool availability - browser DOM Checker
Date: Sat, 26 Jan 2008 00:49:09 +0100 (CET) 
Hi,

Along with my colleague Filipe Almeida, I'd like to announce the 
availability of DOM Checker, an automated tool for validating browser 
security policy enforcement. The project is hosted at:

http://code.google.com/p/dom-checker/

The tool features several fairly neat features, including exhaustive 
hierarchy crawling and side-channel blind write validation to reduce the 
number of false positives.

DOM Checker had been used to find a number of major security bypass and 
information disclosure problems in several popular browsers, and we had 
worked closely with vendors to resolve them (although it's worth noting 
that the tool still reports anywhere from 10 to 30 low-risk, 
design-related information disclosure issues in these programs).

Our hope is that this tool may serve as a framework for ongoing browser 
security research, and would be integrated by browser vendors with their 
regression testing and general release QA processes.

Please note that this code is experimental - if you encounter any 
problems, or simply have an idea on how to make it better, let us know.

Cheers,
/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Tool availability - browser DOM Checker, Michal Zalewski <=
Previous by Date:  Two vulnerabilities for PatchLink Update Client for Unix., lcashdol
Next by Date:  [SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting, Thijs Kinkhorst
Previous by Thread:  Two vulnerabilities for PatchLink Update Client for Unix., lcashdol
Next by Thread:  [SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting, Thijs Kinkhorst
Indexes:  [Date] [Thread] [Top] [All Lists]