How to detect SQLi vulnerabilities, examples of web application errors that indicate SQLi, and an introduction to web application vulnerability scanners.
The NoVa chapter of OWASP is meeting on 4/11. Topic: Impact of IPv6 On Your Applications.
Tools
Tools of the trade.
Detecting Cross Site Scripting Vulnerabilities
You can find XSS vulnerabilities in a variety of ways; including manual testing, proxying web traffic, browser extensions, and web application vulnerability scanners.
Manage Your ASSets: NMAP Automation
I have automated, weekly NMAP scans that run, compare the results against the previous week's scans, and email me with what has changed on my network.
OSSEC & Splunk: SIEM for Everyone
OSSEC combined with Splunk is a free and worthy SIEM solution. Here is an overview and high level guide to getting it up and running.
Demonstrating XSS with BeEF
The Browser Exploitation Framework is used to capture the login credentials of a site's users as they authenticate to the site.
Using Wireshark and John to Crack LEAP
Cisco's wireless authentication protocol, LEAP, can be cracked using Wireshark and John the Ripper.
Host Integrity Monitoring – Osiris (part 1)
Right now, I am reading your email. Doubt me? If you're not monitoring your hosts, how do you know?
NetStumbler: Finding Wireless Access Points
NetStumbler is a solid wireless network discovery tool. Download it today, and go do a little wardriving.
Scrawlr – SQL Injection Vulnerability Scan Tool
HP created a trimmed down version of WebInspect that can crawl your website and find SQL injection vulnerabilities.