AppSec Blog

Weekly Roundup of Web Hacking Incidents

The following web hacking incidents were added to WHID in the past week:
WHID 2010-211: New DDoS Trojan Attacks Sites That Criticize Vietnamese Communist Party - http://bit.ly/cBlZH9
WHID 2010-210: RIAA and LimeWire - Both Are Offline - http://bit.ly/dzzCtR
WHID 2010-209: Hacker may have accessed DHH database - http://bit.ly/9JGnnR
WHID 2010-208: BoingBoing hacked and defaced - …


Weekly Roundup of @Risk Web Application Vulnerabilities

@RISK: The Consensus Security Vulnerability Alert
October 28th, 2010 Vol. 9. Week 44

Web Application - Cross Site Scripting
10.44.25 - sNews "snews.php" Cross-Site Scripting and HTML Injection Vulnerabilities
10.44.26 - IBM Tivoli Access Manager for e-business …


Weekly Roundup of Web Hacking Incidents

The Web Hacking Incident Database, or WHID for short, is a Web Application Security Consortium project dedicated to maintaining a list of web application-related security incidents. WHID's goal is to serve as a tool for raising awareness of the web application security problem and to provide information for statistical analysis of web application security incidents. The …


Weekly Roundup of @Risk Web Application Vulnerabilities

@RISK: The Consensus Security Vulnerability Alert
October 21st, 2010 Vol. 9. Week 43

Web Application - Cross Site Scripting
10.43.42 - TWiki Multiple Cross-Site Scripting Vulnerabilities
10.43.43 - Attachmate Reflection for the Web Cross-Site Scripting
10.43.44 - …


ASP.NET Padding Oracle Vulnerability

A very serious vulnerability in ASP.NET was revealed this past month that allows attackers to completely compromise ASP.NET Forms Authentication, among other things. When things like this happen, it's important for us as developers to see what lessons can be learned in order to improve the defensibility of our software. Source: 'Padding Oracle' Crypto Attack Affects Millions of …