Today's Question:  What are you most afraid of as a programmer?        GIVE A SHOUT

  WRITE ARTICLE

 SECURITY


  Some hidden XSS injection vulnerabilities

XSS injection refers to a Web page generates some unexpected executable js codes based on user input  and these executable codes are executed by web browser,i.e, the source code sent to web browser by the server contains some illegal js codes, and these illegal js codes are related to user's input. Common XSS injection vulnerabilities can be fixed with some functions such as htmlspecialchars(escaping HTML special characters) and strip_tags() or similar, but there are some hidden XSS injecti...

4,901 0 0          PHP SECURITY XSS JAVASCRIPT CODE


  8 very useful and free web security testing tools

With more pervasive of web applications, web security threats are becoming increasingly prominent. Hackers gain web server control by exploiting web server vulnerabilities and SQL injection vulnerabilities, then they may tamper with web content, or steal important internal data, the more serious is to inject malicious code into web pages to affect visitors of websites. Attention is gradually warming up to Web Application Security. Here we recommend eight very useful and free web security testing...

15,693 0 0          WEBSITE ATTACK SECURITY WEB SECURITY


  The Best Hackers In The World All Come From One Country

Facebook, Zynga, and other hot companies use Interview Street to recruit programmers. Interview Street posts programming challenges and invites contenders to solve as many as they can. According to their message board, nine of Interview Street's top ten hackers are all from China. One is from an unknown country. A hacker called ralekseenkov, who is ranked number 11, is from the United States. What does that say about the talent crunch here? Read more: http://www.businessinsider.com/hackers-...

3,295 1 0          MICROSOFT HACKER CHINA COUNTRY


  Speed Hashing

A given hash uniquely represents a file, or any arbitrary collection of data. At least in theory. This is a 128-bit MD5 hash you're looking at above, so it can represent at most 2128 unique items, or 340 trillion trillion trillion. In reality the usable space is substantially less; you can start seeing significant collisions once you've filled half the space, but half of an impossibly large number is still impossibly large. Back in 2005, I wondered about the difference between a checksum and...

2,989 0 0          SECURITY SPEED HASHING MD5


  SQL Injection through HTTP Headers

During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaws discovery are restricted to the GET and POST variables as the unique inputs vectors ever. What about other HTTP header parameters? Aren’t they potential input vectors for SQL injection attacks? How can one test all these HTTP parameters and which vul...

14,164 0 1          SQL INJECTION CODE SECURITY HTTP HEADER


  Introduction to OAuth (in Plain English)

Last week we talked about giving away your passwords and how you should never do it.  When a website wants to use the services of another—such as Bitly posting to your Twitter stream—instead of asking you to share your password, they should use OAuth instead. OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password. This is a quick guide to illustrate, as simply as possible, how OAu...

1,798 0 0          SECURITY OAUTH PERMISSION PARTIAL ACCESS


  The mystery of Duqu Framework solved

The Quest for Identification In my previous blogpost about the Duqu Framework, I described one of the biggest remaining mysteries about Duqu – the oddities of the C&C communications module which appears to have been written in a different language than the rest of the Duqu code. As technical experts, we found this question very interesting and puzzling and we wanted to share it with the community. The feedback we received exceeded our wildest expectations. We got more than 200 comm...

17,285 1 0          C++ DUQU CODE MYSTERY OO C


  The Greatest Hacks of All Time

Reader's advisory: Wired News has been unable to confirm some sources for a number of stories written by this author. If you have any information about sources cited in this article, please send an e-mail to sourceinfo[AT]wired.com. In 1972, John T. Draper discovered he could make free long-distance phone calls using a whistle from a Cap'n Crunch cereal box. The whistle emitted a 2,600-hertz tone that got him into the internal authorization system at the phone company. With another noi...

1,397 0 0          HACK GREATEST ALL TIME