Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Paper announcement: Know Your Enemy: Web Application Threats

from [Jamie Riden] Network Security [Permanent Link]
Subject: Paper announcement: Know Your Enemy: Web Application Threats
Date: Sat, 24 Feb 2007 23:16:45 +0100 
The Honeynet Project & Research Alliance is pleased to announce the
release of a new paper "Know Your Enemy: Web Application Threats".
This technical white paper provides behind the scenes information on
various HTTP-based attacks against web applications, including remote
file inclusion and exploitation of the PHPShell application. The paper
is based on the research and data collected from the Chicago Honeynet
Project, the New Zealand Honeynet Project and the German Honeynet
Project during multiple honeypot compromises.

The paper is available at http://honeynet.org/papers/webapp

Along with the release of this paper, comes new functionality to the "Google
Hack" Honeypot (GHH), used extensively in the paper. GHH now includes an
automated malware collection function, as well as remote XML-RPC logging for
SSL support. GHH is available at http://ghh.sourceforge.net.

-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using manual processes, or by using automated systems and tools. Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fH6
--------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Paper announcement: Know Your Enemy: Web Application Threats, Jamie Riden <=
Previous by Date:  SQL Injection and XSS testing,, IRM
Next by Date:  Re: SQL Injection and XSS testing,, eugk . 46247649
Previous by Thread:  SQL Injection and XSS testing,, IRM
Next by Thread:  [Full-disclosure] WordPress AdminPanel CSRF/XSS - 0day, SaMuschie
Indexes:  [Date] [Thread] [Top] [All Lists]