News

A Simple News System For Basic Websites

0
3 years ago
by Chris in , , , , , , ,
email A Simple News System For Basic Websites

This is a very simple news system with comment support which is ideal for adding simple blog/news system functionality to any website needing that kind of system. In the past I'd usually use wordpress as a pre-built solution for adding this kind of content to a site and although you get a lot of extra benefits by using wordpress (as a result of its plugin system) there can be a lot of issues with tweaking the wordpress theme to suite the site. The method of embedding this system is so simple that it can be used easily within any site template and as such it's perfect for quickly adding blogging or news system style functionality to previously static sites or E-Commerce systems where an attempt at tying in wordpress could be very messy

More here:
A Simple News System For Basic Websites





Some useful news from the WASC

0
6 years ago
by Chris in
email Some useful news from the WASC

The Web Application Security Consortium (WASC) is pleased to announce the
inital release of data collected by the Distributed Open Proxy
Honeypot Project.  This first release of information is for data gathered
from January - April, 2007.  During this timeframe, we had 7 internationally
placed honeypot sensors deployed and sending their data back to our central
logging host.What did we see?  Here are some brief highlights -   - SQL Injection Attacks
  - Brute Force Attacks
  - OS Command Injection
  - Web Defacement Attempts
  - Google-Abuses (Google-Hacking and Proxying for BannerAd/Click Fraud)
  - Information Leakage

We have created a PDF document here -
http://www.webappsec.org/projects/honeypots/Threat_Report_05072007.pdf
.  The attacks are mapped to the WASC Threat Classification categories.
There are some high-level statistics shown, however they are very crude as
this was not the focus of this phase of the project.  We understand that the
data presented is a bit raw, however we wanted to release this information
so that the public may have a chance to review it and provide feedback.  Our
initial goal was to identify the types of current attacks that are using
open proxy servers.  In our future deployments, we will attempt to refine
the data analysis processes to extract out trend data and high level
concepts. In the near future, we will be updating both the VMware honeypot
sensors themselves and will also use a newer version of the centralize
logging host (ModSecurity Console).We are also planning to release more frequent information in the form of
diary entries on the project webpage as new attacks/trends are identified.While the initial deployment was a success, we still need participants who
are willing to participate by deploying our VMware honeypot sensor on their
network.  If you are interested in participating, please send an email to
Ryan Barnett at - RCBarnett_@_gmail.com.

URL:
http://www.webappsec.org/projects/honeypots/

Regards,--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
Distributed Open Proxy Honeypot Project Lead

To try:

http://framework.metasploit.com/msf/

 http://sqlmap.sourceforge.net/

SpyDynamics

Acunetix Vulnerability Scanner

Links

http://www.owasp.org/index.php/Category:OWASP_Project





Go to Top