Tools

Tools of the trade.

Detecting SQL Injection Vulnerabilities

How to detect SQLi vulnerabilities, examples of web application errors that indicate SQLi, and an introduction to web application vulnerability scanners.

Detecting Cross Site Scripting Vulnerabilities

You can find XSS vulnerabilities in a variety of ways, including manual testing, proxying web traffic, browser extensions, and web application vulnerability scanners.

Tips and Tricks with OSSEC Rules

Here are some tips I've found that make dealing with OSSEC rules easier.

Manage Your ASSets: NMAP Automation

I have automated, weekly NMAP scans that run, compare the results against the previous week's scans, and email me with what has changed on my network.

OSSEC & Splunk: SIEM for Everyone

OSSEC combined with Splunk is a free and worthy SIEM solution. Here is an overview and high-level guide to getting it up and running.

Demonstrating XSS with BeEF

The Browser Exploitation Framework is used to capture the login credentials of a site's users as they authenticate to the site.

Using Wireshark and John to Crack LEAP

Cisco's wireless authentication protocol, LEAP, can be cracked using Wireshark and John the Ripper.

Host Integrity Monitoring – Osiris (part 1)

Right now, I am reading your email. Doubt me? If you're not monitoring your hosts, how do you know?

NetStumbler: Finding Wireless Access Points

NetStumbler is a solid wireless network discovery tool. Download it today, and go do a little wardriving.

Scrawlr – SQL Injection Vulnerability Scan Tool

HP created a trimmed-down version of WebInspect that can crawl your website and find SQL injection vulnerabilities.

Where to Find Me

NoVa OWASP: April 11

The NoVa chapter of OWASP is meeting on 4/11. Topic: Impact of IPv6 On Your Applications.

ISSA Meeting: February 21

NoVa ISSA Chapter Meeting! Topic: The Beauty of Surveillance.

Security MBA: January 7

Come and enjoy some security news while drinking an icy cold refreshment.
