AppSec Blog: Author - Frank Kim

Trio of AppSec Webcasts Next Week

We have three cool webcasts lined up next week. 1) SQL Injection for the Penetration Tester, April 27: Eric Conrad will kick off the week of webcasts with something every penetration tester should know about. "Both normal and blind SQL attacks will be described, including reading and altering databases, creating local files, and gaining …


Webcast on Manipulating Web Application Interfaces

Felipe Moreno will be giving a webcast on Groundspeed, a Firefox add-on that allows penetration testers to manipulate the interface of web applications in order to adapt it to penetration test needs, removing the annoying client-side limitations and making the test more efficient. "Not much has changed since the beginning of the web application penetration …


Top 25 Series - Summary and Links

As requested, here are the links to all the posts on the Top 25 Most Dangerous Programming Errors. Please let us know if you have any suggestions or comments.

1 - Cross-Site Scripting (XSS)
2 - SQL Injection
3 - Classic Buffer Overflow
4 - Cross-Site Request Forgery (CSRF)
5 - Improper Access Control (Authorization)
…


Social Zombies: Your Friends Want to Eat your Brains Webcast

Kevin Johnson will be giving a cool webcast called "Social Zombies" where he "explores the various concerns related to malware delivery through social network sites. Ignoring the FUD and confusion being sowed today, this presentation will examine the risks and then present tools that can be used to exploit these issues. We discuss how social …


Top 25 Series - Rank 22 - Allocation of Resources Without Limits or Throttling

A number of years ago I was conducting a black box test of a fairly large web application. As part of this testing I used an automated script to send malicious inputs to a number of forms on the site in question. I sent a lot of requests. Turned out that, under the covers, the …