Abusing HTTP Status Codes to Expose Private Information

Ignoring the privacy implications for a second, as a website developer, you might like to know if your visitors are logged into GMail; you could use that information to automatically fill the email fields in your forms with “@gmail.com”… Perhaps you might want to make your Facebook “like” buttons more prominent if you can tell your visitor is logged into Facebook at the moment? Here’s how I achieve this.


Facebook’s Instant Personalization: An Analysis of Fundamental Privacy Flaws « 33 Bits of Entropy

Instant Personalization allows a partner website to automatically learn the identity of a visitor (as well as some data about them) without any explicit user action, provided that the visitor is a logged-in Facebook user. It is probably the most privacy-intrusive change introduced by the company this year, and could lead to a profound change in how the web works and is perceived.


Chroma-Hash revisited

Chroma-Hash allows you to quickly compare the contents of two secure text fields. It’s common for a signup flow to ask you to type your password twice (to make sure you didn’t mistype it). With this visualization, a user can instantly check to see if what she typed was the same each time, without having to submit the form.


skipfish – Project Hosting on Google Code

A fully automated, active web application security reconnaissance tool. Key features:

* High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.

* Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.

* Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments.


Side-Channel Leaks in Web Applications | Freedom to Tinker

Secure web connections encrypt traffic so that only your browser and the web server you’re visiting can see the contents of your communication. Although a network eavesdropper can’t understand the requests your browser sends, nor the replies from the server, it has long been known that an eavesdropper can see the size of the request and reply messages, and that these sizes sometimes leak information about which page you’re viewing, if the request size (i.e., the size of the URL) or the reply size (i.e., the size of the HTML page you’re viewing) is distinctive.


PHPIDS » Web Application Security 2.0

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.


CrypTool

CrypTool makes it fun and easy to learn about classic and modern cryptography and cryptanalysis. It is used at universities and schools as well as in national and international companies and agencies for educational purposes.


WhyUseOfr < Community < TWiki

* In the closed-source world, you have a bunch of black-hats trying to find exploits in the software, sometimes by reverse engineering the product and sometimes using source code that has been accidentally leaked. Opposing them are a limited number of white-hats that work for the closed-source company that controls the software. As an administrator, you’re dependent on the technical talent of the closed-source company, its budgets, and finally the politics of its PR decisions (see CiscoBlackHat2005) as to whether bugs are found, fixed, and reported to you.

* In the open-source world, you have a bunch of black-hats trying to find exploits in the software using the source-code itself. In contrast to the closed-source world, however, you also have an almost unlimited number of white-hats doing the same thing. Those white hats are not limited by the technical talent, budgets, or politics of a single company. As a result, more bugs are found, fixed, and reported more quickly. You get more information, faster, in order to keep your network secure.


HTTP Authentication with HTML forms : Paul James

The main reason people walk away from using HTTP authentication is that they want control over the look of the login form and most browsers display an awful looking dialog box. So what we need is a way for HTML forms to pass HTTP auth data when it’s submitted. The HTML spec provides HTML forms as a way to create queries and to POST urlencoded data to a URL, but can we subvert it?
With the power of javascript we can.

Super simple HTTP authentication the Ajaxian way.
