Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26
Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170 Skip to content
This time it’s about the Web-Security tool "CSRFTester" from The Open Web Application Security Project (OWASP). It’s a short overview how to use the CSRFTester to identify "Cross Site Request Forgery" vulnerabilites in web applications.
Well, here is my next article for the German HAKIN9 IT Security Magazin. This time it’s about Web-Security and it holds three examples (XSS, SQL-Injection and Blind SQL-Injection) about, how to identify and fix vulnerabilites in web applications. Tools used for this one are Netsparker Community Edition from mavitunasecurity, Arachni and sqlmap.
And of course not to forget, a big special THANKS to Dr. Philip Walter for his great support!
On my blog are some vulnerabilities called "Cross-site scripting" or "XSS", but what exactly is a Cross-site scripting?
A Cross-site scripting attack is a type of a html injection and the problem is always when a web application accept user input and generates the output without validating or encoding it. This flaw makes it possible for an attacker to inject a malicious script – like javascript – to access cookies, session tokes or some other sensitive information stored in the user’s browser, because it thinks the script came from a trusted source.
They are some different possibilties to identify XSS vulnerabilities:
- use a web security scanner, like xsser, arachni, Nikto …
- test/review the code for places with user input which possibly ends into HTML output(contact forms, search forms …)
With the R75.20 release, a Check Point Security Gateway is ready for HTTPS inspection (Supported blades: Data Loss Prevention (DLP), Anti Virus, Application Control, URL Filtering, and IPS).
I wrote a short howto about the configuration and here are the links to the PDF and to the Wiki
Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26
Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170