AppSec Blog

Weekly Roundup of @Risk Web Application Vulnerabilities

****************************************************************** @RISK: The Consensus Security Vulnerability Alert October 28th, 2010 Vol. 9. Week 44 ****************************************************************** Web Application - Cross Site Scripting 10.44.25 - sNews "snews.php" Cross-Site Scripting and HTML Injection Vulnerabilities 10.44.26 - IBM Tivoli Access Manager for e-business …


Weekly Roundup of Web Hacking Incidents

The Web Hacking Incident Database, or WHID for short, is a Web Application Security Consortium project dedicated to maintaining a list of web application-related security incidents. WHID's goal is to serve as a tool for raising awareness of the web application security problem and to provide information for statistical analysis of web application security incidents. The …


Weekly Roundup of @Risk Web Application Vulnerabilities

****************************************************************** @RISK: The Consensus Security Vulnerability Alert October 21st, 2010 Vol. 9. Week 43 ****************************************************************** Web Application - Cross Site Scripting 10.43.42 - TWiki Multiple Cross-Site Scripting Vulnerabilities 10.43.43 - Attachmate Reflection for the Web Cross-Site Scripting 10.43.44 - …


ASP.NET Padding Oracle Vulnerability

A very serious vulnerability in ASP.NET was revealed this past month that allows attackers to completely compromise ASP.NET Forms Authentication, among other things. When things like this happen, it's important for us as developers to see what lessons can be learned in order to improve the defensibility of our software. Source: 'Padding Oracle' Crypto Attack Affects Millions of …


WASC Web Hacking Incident Database Semi-Annual Report

In addition to being a SANS Certified Instructor, I also serve as the WASC Web Hacking Incident Database (WHID) project leader. If you are unfamiliar, WHID is a project dedicated to maintaining a record of web application-related security incidents. WHID's purpose is to serve as a tool for raising awareness of web application security problems …