Submit Your Top Web Hacking Techniques for 2008
The Open Web Application Security Project (OWASP) has recently released an XSS (Cross Site Scripting) Prevention Cheat Sheet. This cheat sheet helps developers identify how and when to output-encode or escape untrusted user data when including it within a page. I am particularly excited about this resource because it not only discusses the case in which HTML encoding is necessary, but also helps lay out rules and conditions for using JavaScript, CSS, attribute, and other encoding schemes.
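As an added illustration of the cheat sheet's core point (not OWASP's reference code and not part of the original post), the snippet below encodes one untrusted value differently for each output context; the function names and the sample input are assumptions:

```python
# Context-specific output encoding in the spirit of the OWASP XSS Prevention
# Cheat Sheet. Function names and the sample string are constructed here.
import re

_ALNUM = re.compile(r"[A-Za-z0-9]")

def encode_html_body(s: str) -> str:
    """Element content: escape the HTML-significant characters."""
    table = {"&": "&amp;", "<": "&lt;", ">": "&gt;",
             '"': "&quot;", "'": "&#x27;", "/": "&#x2F;"}
    return "".join(table.get(c, c) for c in s)

def encode_html_attribute(s: str) -> str:
    """Quoted attribute value: encode everything but [A-Za-z0-9] as &#xHH;."""
    return "".join(c if _ALNUM.match(c) else f"&#x{ord(c):X};" for c in s)

def encode_js_string(s: str) -> str:
    """Quoted JavaScript string literal: \\xHH, or \\uHHHH beyond Latin-1."""
    out = []
    for c in s:
        if _ALNUM.match(c):
            out.append(c)
        elif ord(c) < 256:
            out.append(f"\\x{ord(c):02X}")
        else:
            out.append(f"\\u{ord(c):04X}")
    return "".join(out)

def encode_css_string(s: str) -> str:
    """CSS property value: \\HH followed by a space terminator."""
    return "".join(c if _ALNUM.match(c) else f"\\{ord(c):X} " for c in s)

def render(untrusted: str) -> dict:
    """Place the same untrusted value in four contexts, each with its own encoder."""
    return {
        "body": f"<div>{encode_html_body(untrusted)}</div>",
        "attr": f'<input value="{encode_html_attribute(untrusted)}">',
        "js": f"<script>var name = '{encode_js_string(untrusted)}';</script>",
        "css": f"<style>.x {{ color: '{encode_css_string(untrusted)}'; }}</style>",
    }

if __name__ == "__main__":
    # constructed sample input mixing quote, tag and slash characters
    for ctx, html in render("\" <b>/x").items():
        print(ctx, html)
```

The takeaway is that HTML entity encoding alone is not enough: a value that is safe as element content is still dangerous inside a script or style block unless the context's own rules are applied.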
Trace note: the Incognito mentioned in the article can be downloaded here.
Trace note: a fairly full-featured fuzzer; it requires the Java Runtime.
Version 1.2 (codename Athena) introduces the ability to open, load and save fuzzing sessions as files using the .jbrofuzz format. Graphing has been expanded into its own tab and can be performed at any time. A headers tab, including the default headers of a number of browsers across operating systems, has also been added.
The videos from HITBSecConf2008 - Malaysia are now available for download!
This week SecurityFocus has reported a number of vulnerabilities in several applications, and as usual Microsoft environments are not missing from the list. Since these insecure gaps in program design allow attacks of various kinds, it is worth understanding the potential impact of a vulnerability through proofs-of-concept.
Trace note: an HTTP scanner from tarasco; this release ships with fscan_gui.
Sql_2005_inj is a tool written specifically for injecting MSSQL 2005 databases; I wrote it in July during last year's summer break. Because its functionality is simple and incomplete, I never released it; now that I am writing a new version, I am putting the old one out for people to take a look at.
Broken authentication is the 7th in the OWASP top 10 web application vulnerabilities. It is a security problem that is prevalent in many web applications, especially custom ones or those written in-house. Sandro just published a tutorial showing how to identify these security issues and attack vulnerable web applications for educational purposes. To automate much of the process, Sandro makes use of Acunetix WVS HTTP Sniffer and the HTTP Fuzzer instead of writing custom tools to do this.
Trace note: download these if you have enough disk space.
Two resources with a nice collection of rainbow tables available for download for free: