01.31.07

A Website I Rather Enjoy

Posted in Daily Link List, Uncategorized at 7:56 am by Tyler Reguly

One of the websites in my RSS feed that I really enjoy is LinuxSecurity.com. The site compiles outside links from various news sources and presents some of the more interesting ones on a single page... however it's not without issues... From the RSS feed, you are constantly getting "Page Not Found" errors... and you have to return to the main page to click the link for the article.

Anyways I was over there looking today and I found some rather interesting articles available:

Stompy Session ID Analyzer -- This is a great concept... I haven't tested it yet so I can't quite say great tool. People quite often create their own Session IDs... this will let you see if they're based off anything... or if there's a pattern available... Download Link (tgz)
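To make the idea concrete, here is an added example (my own code, not the Stompy tool) of the kind of pattern hunt described above: it takes a sample of session IDs and checks for a static prefix, a counter-like step between consecutive values, and low per-character entropy. The weak and strong generators below are constructed for the demo; point `analyze()` at cookies captured from your own application to see which side it lands on.

```python
# Added example (not the Stompy tool): quick predictability checks on a sample
# of session IDs.  Run it against your own application's cookies before
# shipping a home-grown generator.
import math
import secrets
from collections import Counter


def shannon_entropy_per_char(tokens):
    """Shannon entropy (bits) of the character distribution over all tokens."""
    counts = Counter("".join(tokens))
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def fixed_positions(tokens):
    """Number of character positions that never change across the sample
    (a static prefix or zero padding shows up here)."""
    width = min(len(t) for t in tokens)
    return sum(1 for i in range(width) if len({t[i] for t in tokens}) == 1)


def sequential_fraction(tokens, base=16, max_step=1000):
    """Fraction of consecutive IDs whose numeric difference is a small step,
    which is what a counter-based generator produces.  Non-numeric IDs score 0."""
    try:
        values = [int(t, base) for t in tokens]
    except ValueError:
        return 0.0
    diffs = [b - a for a, b in zip(values, values[1:])]
    if not diffs:
        return 0.0
    return sum(1 for d in diffs if 0 < abs(d) <= max_step) / len(diffs)


def analyze(tokens):
    """Summarise the sample; 'predictable' flags a generator that needs replacing."""
    fixed = fixed_positions(tokens)
    report = {
        "samples": len(tokens),
        "entropy_per_char": round(shannon_entropy_per_char(tokens), 2),
        "sequential_fraction": sequential_fraction(tokens),
        "fixed_positions": fixed,
    }
    report["predictable"] = (
        report["sequential_fraction"] > 0.5 or fixed > len(tokens[0]) // 2
    )
    return report


def weak_session_ids(n, start=0x1000):
    """Constructed weak generator: fixed prefix plus an incrementing counter."""
    return ["a3f9" + format(start + i, "08x") for i in range(n)]


def strong_session_ids(n):
    """CSPRNG-backed IDs, 128 bits each (what a session ID should look like)."""
    return [secrets.token_hex(16) for _ in range(n)]


if __name__ == "__main__":
    print("weak  :", analyze(weak_session_ids(50)))
    print("strong:", analyze(strong_session_ids(50)))
```

The three checks are deliberately cheap; a real analyzer would also look at bit-level correlation across many more samples, but a static prefix plus a step of 1 between consecutive IDs is usually enough to condemn a home-made generator, and a CSPRNG source trips none of them.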

AJAX Fingerprinting Web 2.0 -- Another great concept... As people move to this new world of Web 2.0, applications are being built on frameworks... GWT, PyJamas, ASP.NET AJAX, etc... More often than not, when these frameworks are flawed, the applications based off them will also be flawed. The concept of AJAX fingerprinting gives us:

Ajax fingerprinting can help in deriving the following benefits:

  • Vulnerability detection – Knowledge of the framework on which a web application is running, allows the mapping of publicly known vulnerabilities found for that particular framework. Example – DWR client side vulnerability.
  • Architecture enumeration – On the basis of derived information from fingerprinting it is possible to guess application architecture and inner working of a system. Example – Atlas (.NET application framework), DWR (Servlet/JavaScript combo).
  • Assessment methodology – Derived information from the fingerprinting phase can help in defining future assessment path and vulnerability detection methods. Example – Deciding on JavaScript-scanning.

Download Link (pdf)
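As an added example of the first benefit above (mapping a framework to its published advisories), here is my own code, not the paper's tool, that identifies the Ajax framework a page is built on from its client-side artifacts: script includes and inline JavaScript. The marker strings are real artifacts of each framework; the marker table and the sample pages are constructed for this example and are far from exhaustive. Run it over your own application's pages to inventory which frameworks you expose.

```python
# Added example (not the paper's tool): identify the Ajax framework a page is
# built on from its client-side artifacts so that framework advisories can be
# mapped onto your own application inventory.
import re

# Marker table.  The strings are real client-side artifacts of each framework;
# the table itself is constructed for this example and is far from exhaustive.
FRAMEWORK_MARKERS = [
    ("DWR", re.compile(r"/dwr/(?:engine|util)\.js", re.I)),
    ("GWT", re.compile(r"\.nocache\.js\b|\bgwt\.js\b", re.I)),
    ("ASP.NET AJAX (Atlas)",
     re.compile(r"ScriptResource\.axd|Sys\.WebForms\.PageRequestManager", re.I)),
    ("Dojo", re.compile(r"\bdojo\.js\b|dojo\.require\(", re.I)),
    ("Prototype", re.compile(r"\bprototype\.js\b", re.I)),
]

# External script URLs and bodies of inline <script> blocks (no src attribute).
SCRIPT_SRC = re.compile(r"<script[^>]+src\s*=\s*[\"']([^\"']+)[\"']", re.I)
INLINE_SCRIPT = re.compile(r"<script(?![^>]*\bsrc=)[^>]*>(.*?)</script>", re.I | re.S)


def script_artifacts(html):
    """Return every script URL and inline script body found in the markup."""
    return SCRIPT_SRC.findall(html) + INLINE_SCRIPT.findall(html)


def fingerprint(html):
    """Sorted list of frameworks whose markers appear in the page's scripts."""
    artifacts = script_artifacts(html)
    return sorted(
        name for name, pattern in FRAMEWORK_MARKERS
        if any(pattern.search(a) for a in artifacts)
    )


# Constructed sample pages: one per framework plus a page with no framework.
SAMPLE_PAGES = {
    "dwr_page": '<html><head><script type="text/javascript" src="/app/dwr/engine.js"></script>'
                '<script src="/app/dwr/interface/Remote.js"></script></head></html>',
    "gwt_page": '<html><body><script src="/app/com.example.App.nocache.js"></script></body></html>',
    "aspnet_page": '<html><head><script src="/ScriptResource.axd?d=abc&t=123"></script>'
                   '<script>Sys.WebForms.PageRequestManager.getInstance();</script></head></html>',
    "plain_page": '<html><body><script>document.title = "hello";</script></body></html>',
}

if __name__ == "__main__":
    for name, html in SAMPLE_PAGES.items():
        print(f"{name}: {fingerprint(html) or ['no known framework']}")
```

Matching on script paths alone is coarse (the paper also looks at JavaScript object signatures and request formats); the point is that once a framework name falls out, the vulnerability lookup and the choice of assessment method for that application follow directly, which is exactly the second and third benefits listed above.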

These last two are just news articles...

2006: The Year Hacking Became a Business

Vulns Spiked 39% in 2006 according to an IBM ISS report.