thespanner.co.uk
RPO
http://www.thespanner.co.uk/2014/03/21/rpo
Javascript blog with messed up syntax inside. Friday, 21 March 2014. https://hackvertor.co.uk/public. <link href=styles.css rel=stylesheet type=text/css /> The link element above references style.css using a relative URL; depending on where in the site's directory structure you are, it will load the style sheet based on that. For example, if you were in a directory called xyz then the style sheet would be loaded from xyz/style.css. I noticed something interesting with relative styles, manipulating the path of ...
nomoreroot.blogspot.com
No More Root: August 2008
http://nomoreroot.blogspot.com/2008_08_01_archive.html
Information security, exploits, database security, web application security, windows security, hacking, 0day, whatever, etc. Aug 30, 2008. Since IE8 beta2 is out I downloaded and installed it, I wanted to take a look at the brand new XSS filter (see here). 1) Basically I wanted to see how good it is at filtering XSS, I tried some tricks and it seems to work fine filtering all known XSS attack vectors, etc. So far very good work of MS people. After continuing testing the XSS filter I got a bit disappointed.
soroush.secproject.com
Soroush Dalili Links - Domains
https://soroush.secproject.com/links
http://www.secproject.com/. http://www.twitter.com/irsdl. http://soroush.secproject.com/. http://dalili.secproject.com/. http://irsdl.secproject.com/. http://dalili.soroush.me/. http://irsdl1.wordpress.com/. Source: http://www.owasp.org/index.php/Feed. ACE Team – Microsoft. Adam Boulton’s Blog. Adam Shostack – Emergent Chaos. Andrew Jacquith – securitymetrics. Andrew van der Stock – cat slave diary. Andy Steingruebl – Security Retentive. Anton Chuvakin Blog – "Security Warrior". Dark Reading: Snake Bytes.
websec.wordpress.com
Papers | Reiners' Weblog
https://websec.wordpress.com/papers
Anything about Web Security. Code Reuse Attacks in PHP: Automated POP Chain Generation. Johannes Dahse, Nikolai Krein, Thorsten Holz. 21st ACM Conference on Computer and Communications Security (CCS). Scottsdale, Arizona, USA, November 2014. Best Student Paper Award *. Static Detection of Second-Order Vulnerabilities in Web Applications. Johannes Dahse, Thorsten Holz. 23rd USENIX Security Symposium. San Diego, CA, USA, August 2014. Internet Defense Prize *. Johannes Dahse, Thorsten Holz.
seguranca-informatica.net
Segurança Informática: plane hacking
http://www.seguranca-informatica.net/2015/05/plane-hacking.html
Blog with comments and news about computer security and the dependability of computers and networks - http://www.seguranca-informatica.net/. Breaking: The security researcher was able to issue a climb command and make the plane change course, the document states." And this coming from an industry that has always taken safety very seriously :-(. Feds Say That Banned Researcher Commandeered a Plane - Wired.com. Segurança no Software - Book. Top data breaches 2015. Beyond Stuxnet. Mind Streams ...
seguranca-informatica.net
Segurança Informática: Where not to store passwords
http://www.seguranca-informatica.net/2015/04/onde-nao-guardar-passwords.html
Blog with comments and news about computer security and the dependability of computers and networks - http://www.seguranca-informatica.net/. Where not to store passwords. Segurança no Software - Book. Top data breaches 2015. The top 10s of 2015 begin: Biggest data breaches of 2015 From Ashley Madison to VTech it has been a nasty data breach yea. Beyond Stuxnet. Stuxnet - the film. Security lessons from a 007 film. News: ZDNet Zero Day. News: Schneier on Security. Dragos Lungu Dot Com.
seguranca-informatica.net
Segurança Informática: NSA toys for everyone
http://www.seguranca-informatica.net/2015/08/os-brinquedos-da-nsa.html
Blog with comments and news about computer security and the dependability of computers and networks - http://www.seguranca-informatica.net/. NSA toys for everyone. When Der Spiegel and Jacob Appelbaum published leaked pages of the National Security Agency's ANT Catalog. In less than 18 months since the catalog's leak, the NSA Playset. the infamous bug Soviet spies planted inside the US Embassy in Moscow.)". Full article at ArsTechnica. Segurança no Software - Book. Top data breaches 2015.
seguranca-informatica.net
Segurança Informática: Seccubus
http://www.seguranca-informatica.net/2015/04/seccubus.html
Blog with comments and news about computer security and the dependability of computers and networks - http://www.seguranca-informatica.net/. Seccubus automates vulnerability scanning with: Nessus, OpenVAS, NMap, SSLyze, Burp, Medusa, SkipFish, OWASP ZAP and SSLlabs. Segurança no Software - Book. Top data breaches 2015. The top 10s of 2015 begin: Biggest data breaches of 2015 From Ashley Madison to VTech it has been a nasty data breach yea. Beyond Stuxnet. Stuxnet - the film. Dragos Lungu Dot Com.
seguranca-informatica.net
Segurança Informática: Avoiding design vulnerabilities in software
http://www.seguranca-informatica.net/2015/03/evitar-vulnerabilidades-de-projecto-no.html
Blog with comments and news about computer security and the dependability of computers and networks - http://www.seguranca-informatica.net/. Avoiding design vulnerabilities in software. There is a lot of work on avoiding coding vulnerabilities. This document is about avoiding design vulnerabilities: AVOIDING THE TOP 10 SOFTWARE SECURITY DESIGN FLAWS (pdf). Segurança no Software - Book. Top data breaches 2015. Beyond Stuxnet. Stuxnet - the film. Security lessons from a 007 film.
xssed.org
Links | XSSed.com
http://www.xssed.org/links
D1ms IT security blog. Our Brazilian friends of Zone-H. RSnake's and id's web application security blog. RSnake's and id's web application security forum. Kuza55's web security related blog. Sid's homepage. Author of the XSS Assistant. Script for the Greasemonkey. Firefox extension. It allows submitting of XSS vulnerabilities to our archive. Home of the famous ICT security conference. Also one of the best ICT security forums on the web. Russ McRee's website and blog. This site has been created by p3lo. In order...