andrewpetukhov.blogspot.com
Pondering over...: Building a benchmark for SQL injection scanners
http://andrewpetukhov.blogspot.com/2011/08/building-benchmark-for-sql-injection.html
Building a benchmark for SQL injection scanners. Friday, August 19, 2011. Building a benchmark for SQL injection scanners. In the last couple of years we have seen a lot of emerging projects aiming at web application vulnerability analysis automation. That's right, I mean security scanners. Just to name a few: w3af. I like to group security scanners according to their feature sets: General purpose vs special-purpose (testing for SQLi or XSS only); Detection only vs detection exploitation. Do you provide...
orenh.com
Oren Hafif: February 2014
http://www.orenh.com/2014_02_01_archive.html
Application Security, Web Application Security and Penetration Testing. This is a personal blog which represents only my personal views. Tuesday, February 11, 2014. CVE-2014-0050: Exploit with boundaries, Loops without boundaries. You are more than invited to read the post I wrote on the SpiderLabs blog. The post includes analysis of the vulnerability, exploit and recommendations. You can find the post here: Posted by Oren Hafif. Subscribe to: Posts (Atom). Google Online Security Blog. © Oren Hafif.
orenh.com
Oren Hafif: Google Account Recovery Vulnerability
http://www.orenh.com/2013/11/google-account-recovery-vulnerability.html
Application Security, Web Application Security and Penetration Testing. This is a personal blog which represents only my personal views. Thursday, November 21, 2013. Google Account Recovery Vulnerability. Global Main Authentication and Identification Library (GMAIL). So let's say you are using Paypal, Facebook or Twitter, and you forgot your password (shit happens, right? – you are! More about this can be viewed on a video by "security researcher" Don Friesen http://www.youtube.com/watch? It's the pa...
orenh.com
Oren Hafif: November 2013
http://www.orenh.com/2013_11_01_archive.html
Application Security, Web Application Security and Penetration Testing. This is a personal blog which represents only my personal views. Thursday, November 21, 2013. Google Account Recovery Vulnerability. Global Main Authentication and Identification Library (GMAIL). So let's say you are using Paypal, Facebook or Twitter, and you forgot your password (shit happens, right? – you are! More about this can be viewed on a video by "security researcher" Don Friesen http://www.youtube.com/watch? It's the pa...
orenh.com
Oren Hafif: Publications
http://www.orenh.com/p/publications.html
Application Security, Web Application Security and Penetration Testing. This is a personal blog which represents only my personal views. A new web vulnerability that is applicable for Google, Microsoft, Facebook, Yahoo, Mozilla and more (2013 – to be published). IIS Shortname Scanning Tool (2013 – to be published). 3 Paypal XSS - (2013 – to be published). Google XSS enabled by CSRF and Flow-Bypass (2013 – to be published). Google Plus "wormable" Click-Jacking vulnerability (2013 – to be published). Adobe ...
orenh.com
Oren Hafif: One Token to Rule Them All - The Tale of the Leaked Gmail Addresses
http://www.orenh.com/2014/06/one-token-to-rule-them-all-tale-of.html
Application Security, Web Application Security and Penetration Testing. This is a personal blog which represents only my personal views. Tuesday, June 10, 2014. One Token to Rule Them All - The Tale of the Leaked Gmail Addresses. Since I don't really know where to start, let's start at the end. At the very end of this attack, I am going to hold what appears to be every single email address hosted on Google. So what? I mean why is that such a big deal? From a username to full account takeover. Well until ...
orenh.com
Oren Hafif: About
http://www.orenh.com/p/about-me.html
Application Security, Web Application Security and Penetration Testing. This is a personal blog which represents only my personal views. For me, information security is not just a profession – it is a way of thinking, a mindset, which can be used to improve the lives of billions of users. The purpose of this blog is to share my personal opinions and discoveries. Subscribe to: Posts (Atom). Google Online Security Blog. Ben Hayak - Security Blog. © Oren Hafif.
orenh.com
Oren Hafif: Reflected File Download - A New Web Attack Vector
http://www.orenh.com/2014/10/reflected-file-download-new-web-attack.html
Application Security, Web Application Security and Penetration Testing. This is a personal blog which represents only my personal views. Thursday, October 30, 2014. Reflected File Download - A New Web Attack Vector. From my Company's Blog: The full blog post, including links to the WhitePaper and exploit videos is now available: http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html. Posted by Oren Hafif. April 9, 2015 at 7:39 PM. January 25, 2016 at 6:30 AM. © Oren Hafif.
orenh.com
Oren Hafif: CVE-2014-0050: Exploit with boundaries, Loops without boundaries
http://www.orenh.com/2014/02/cve-2014-0050-exploit-with-boundaries.html
Application Security, Web Application Security and Penetration Testing. This is a personal blog which represents only my personal views. Tuesday, February 11, 2014. CVE-2014-0050: Exploit with boundaries, Loops without boundaries. You are more than invited to read the post I wrote on the SpiderLabs blog. The post includes analysis of the vulnerability, exploit and recommendations. You can find the post here: Posted by Oren Hafif. Subscribe to: Post Comments (Atom). Google Online Security Blog.
orenh.com
Oren Hafif: Coming soon...
http://www.orenh.com/2013/11/coming-soon.html
Application Security, Web Application Security and Penetration Testing. This is a personal blog which represents only my personal views. Saturday, November 16, 2013. Posted by Oren Hafif. Subscribe to: Post Comments (Atom). Google Online Security Blog. Ben Hayak - Security Blog. © Oren Hafif. Awesome Inc. template. Powered by Blogger.