sqlninja 0.2.2 Released – SQL Injection Tool

Tuesday, April 15th, 2008

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.  Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to ...

Keep on Fuzzing!

Monday, April 14th, 2008

As you will have noticed we’ve posted quite a number of Fuzzing Tools built around different frameworks and in different languages..most for difference targets/purposes too. Fuzzing has definitely exploded in the last year or so as more people try and understand it and code tools to automate the process. There are ...

ProxyStrike – Background SQL Injection and XSS analysis

Wednesday, April 9th, 2008

The folks over at Darknet do a great job of pointing out interesting tools for use in penetration testing and web app security testing among other things. I won’t be duplicating their feed here, but when I see something that I want to test for myself, I will be posting ...

Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications

Wednesday, April 9th, 2008

A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon. Wfuzz is a tool designed for bruteforcing Web Applications, ...

Microsoft Releases 14,000 Pages Of Trade Secrets

Tuesday, April 8th, 2008

Microsoft continued to release formerly closely-held application protocol documentation Tuesday, posting 14,000 pages of information for Microsoft Office 2007, SharePoint Server 2007 and Exchange Server 2007 at MSDN, a Web site for developers. The protocol information released includes protocols that allow Exchange Server to communicate with Outlook and those used by Office ...