Posts Tagged “security”

“You have X amount of Cross-Site Scripting vulnerabilities”. That is a phrase most web developers have heard at least once. So what is a Cross-Site Scripting vulnerability?

OWASP defines Cross-Site Scripting as:

“Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.”

Read the rest of this entry »


Comments No Comments »

If you performed a default install of ModSecurity but never modified the configuration or completed any other steps, chances are that you are not logging any ModSecurity items. Typically you just need to add a directory structure with the proper permissions, and ModSecurity will do the rest by generating the files itself.

Read the rest of this entry »


Comments No Comments »

Recently there was a 0-day vulnerability posted for WordPress which allows users with edit post capabilities to issue SQL injection attacks against the WordPress site. Depending on the type of site that you run, this isn’t a huge deal unless you allow any users that sign up to edit and publish articles on the WordPress site. One of the things that could help in this type of scenario is knowing who logs in and when, as well as knowing if there are failed logins, which could help indicate malicious activity. Below is information on a plugin that can accomplish both of these goals.

Read the rest of this entry »


Comments No Comments »

Lately I have had a lot of requests on how to install Sun’s VirtualBox on BackTrack 4. VirtualBox is a virtual environment similar to VMware, but it is free. VirtualBox will allow you to run other operating systems on your host. This can be useful for security because you will not harm anyone or anything while practicing.
It should be noted that adding third-party repositories to any distribution can cause problems. That being said, many of us have downloaded and installed VirtualBox using this method without any problems.

Below I will outline the few simple steps to install VirtualBox.

Read the rest of this entry »


Comments 3 Comments »

I was creating some demo videos for a class I am giving in a few weeks and I decided to post a few that I will not be using. This is the first in a series of Metasploit Attacks I will be showing. As always, these things are for instructional use only. Special thanks to the author of the .vbs script which I found on the internet.


Comments 2 Comments »