fuzzing

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a nice post talking about fuzzing with Burp.
    ClearNet Security : need to do a GET before POST, fuzzing with BURP and WebScarab
    Tags: ( webappsec fuzzing burp )
  2. I know it seems like I point out every FudSec.org post that happens and, actually, I do. It's because they are all great posts that have good thought generating material. Jayson attacks Cyberwar in this week's edition.
    Beware of Falling Turtles (Plus other things that shouldn't really frighten us) - fudsec.com
    Tags: ( fudsec cyberwar )
  3. This is a must read in my opinion. I have only read the executive summary and skimmed the assurance framework part so far, but they alone are worth the price of admission. I look forward to digging into the assessment portion soon.
    Cloud Computing Risk Assessment -- ENISA
    Tags: ( cloud risk-assessment )
  4. Craig has an interview with Giles Hogben up with some insight into the new Cloud Security Risk Assessment mentioned above.
    ENISA Cloud Security Risk Assessment: An Interview with Giles Hogben | Cloud Security
    Tags: ( cloud risk-assessment )
  5. Anton takes an interesting approach to why PCI is good.
    Anton Chuvakin Blog - "Security Warrior": Smart vs Stupid: But Not Why You Think So!
    Tags: ( pci )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Xavier decided to fuzz his car. Good thing he didn't do it when he was driving down the road.
    /dev/random >> Fuzzing a Car Multimedia System?
    Tags: ( fuzzing )
  2. Want to some help on learning how to write windows stack-based exploits? Here you go. A whole mess of tutorials.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Links/tutorials on writing windows (stack based) exploits
    Tags: ( exploit-writing )
  3. An interesting exploration of the three-way TCP handshake process. Particularly, since it can be a four-way handshake. Very cool. It will be interesting to see what comes out of the research about to happen.
    TCP Portals: The Handshake's a Lie! -- BreakingPoint
    Tags: ( networking tcp-handshake )
  4. There is a new vulnerability in Flash and Mike does a great job of explaining it.
    Skeptikal.org: Flash Origin Attack FAQ
    Tags: ( adobe flash vulnerability )
  5. Thierry ZOLLER has put together a very nice document that describes and demonstrates the recent SSL/TLS vunerability. (Direct link to pdf)
    TLS and SSLv3 vulnerabilitys explained (PDF)
    Tags: ( ssl )
  6. Jack makes some good points about customer data, where it came from and where it is going.
    Uncommon Sense Security: Whose customers are they?
    Tags: ( data-leakage )
  7. Here is another resource to do some free monitoring of your websites.
    HolisticInfoSec.org: Sucuri NBIM: website integrity monitoring for free
    Tags: ( monitoring )
  8. (IN)Secure Magazine issue 23 is out. (Link goes directly to pdf)
    INSECURE-Mag-23.pdf (application/pdf Object)
    Tags: ( magazine insecure )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }