
Category Archives: Uncategorized

Firefox Addons for Security Professionals

  • TAMPER DATA

Use Tamper Data to view and modify HTTP/HTTPS headers and POST parameters.

Trace and time HTTP requests and responses. Security-test web applications by modifying POST parameters.
FYI: the current version of Google Web Accelerator is incompatible with the tampering function of Tamper Data. Your browser will crash.

https://addons.mozilla.org/en-US/firefox/addon/966/

  • SQL INJECT ME

SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.
The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.
The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.
The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.
You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.

https://addons.mozilla.org/en-US/firefox/addon/7597/
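
As an added example (not part of the original post and not SQL Inject Me's own code), the Python sketch below reproduces the check described above from the developer's side: a form handler that concatenates input and echoes database errors into its HTML is flagged, while the same handler with a bound parameter and a generic error page is not. The table, handler names, probe values and error signatures are constructed for illustration.

```python
import re
import sqlite3

# Constructed error signatures of the kind searched for in rendered HTML.
DB_ERROR_PATTERNS = [
    re.compile(r"syntax error", re.I),                          # SQLite and others
    re.compile(r"unrecognized token", re.I),                    # SQLite
    re.compile(r"you have an error in your sql syntax", re.I),  # MySQL
    re.compile(r"unclosed quotation mark", re.I),               # MS SQL Server
]

# Constructed form values: an ordinary name and one containing a quote character.
PROBES = ["alice", "O'Brien"]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.execute("INSERT INTO users VALUES ('alice')")
    return db

def render_vulnerable(db, name):
    """Handler that builds SQL by concatenation and prints the DB error."""
    try:
        sql = "SELECT name FROM users WHERE name = '" + name + "'"
        return "<p>%d result(s)</p>" % len(db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        return "<p>Database error: %s</p>" % exc

def render_hardened(db, name):
    """Same handler with a bound parameter and a generic error page."""
    try:
        sql = "SELECT name FROM users WHERE name = ?"
        return "<p>%d result(s)</p>" % len(db.execute(sql, (name,)).fetchall())
    except sqlite3.Error:
        return "<p>Something went wrong.</p>"

def leaks_db_error(html):
    """True when the rendered page contains a known database error message."""
    return any(p.search(html) for p in DB_ERROR_PATTERNS)

def audit(render, probes=PROBES):
    """Return the form values whose rendered response exposes a DB error."""
    db = make_db()
    return [value for value in probes if leaks_db_error(render(db, value))]

if __name__ == "__main__":
    print("vulnerable handler flagged for:", audit(render_vulnerable))
    print("hardened handler flagged for:", audit(render_hardened))
```

Hiding the error message alone would silence this check without removing the flaw; the bound parameter is what closes the entry point.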

  • HackBar

This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar and Google.


# The advantages are:
Even the most complicated urls will be readable
The focus will stay on the textarea, so after executing the url (Ctrl+Enter) you can just go on typing / testing
The url in textarea is not affected by redirects.
I tend to use it as a notepad 🙂
Useful tools like on the fly uu/url decoding etc.
All functions work on the currently selected text.
MD5/SHA1/SHA256 hashing
MySQL/MS SQL Server/Oracle shortcuts
XSS useful functions
# Shortcuts
Load url ( Alt + A )
Split url ( Alt + S )
Execute ( Alt + X, Ctrl + Enter )
INT -1 ( Alt - )
INT +1 ( Alt + )
HEX -1 ( Ctrl Alt - )
HEX +1 ( Ctrl + Alt + )
MD5 Hash ( Alt + M )
MySQL CHAR() ( Alt + Y )
MS SQL Server CHAR() ( Alt + Q )

 


Posted by on August 27, 2014 in Uncategorized

 

Exiting workers more likely to steal data than stationery

Many workers have confessed they would be prepared to swipe data from their ex-employers when they changed jobs.

An online poll of 1,594 full and part-time workers and contractors in the US and UK found that around a quarter (29 per cent in the US and 23 per cent in the UK) would steal customer lists and other sensitive data when they moved employment.

A slightly smaller percentage (15 per cent in the US and 17 per cent in the UK) would walk away with product designs and plans.

By comparison only 13 per cent in the US and 22 per cent in the UK would take small office supplies. However, even the ethically flexible stopped short of being prepared to sell confidential data found in improperly secured files, with only one per cent in the UK and an even lower 0.5 per cent in the US prepared to launder such data on the black market.

A much larger percentage – 45 per cent of US and 57 per cent of UK respondents – admitted they would be unable to resist the temptation to look inside if they came across a confidential file containing, for example, merger plans or salary information.

The survey, commissioned by identity management firm SailPoint and run by Harrison Interactive, found mixed opinions about whether or not the recession has increased the temptation for workers to steal. Around 45 per cent of US respondents and a similar 48 per cent in the UK reckoned economic hard times have had no effect.

“It [the survey] highlights what I call a ‘moral grey area’ around ownership of electronic data,” said Jackie Gilbert, vice president of marketing and co-founder of SailPoint. “We see this in the fact that there are more workers who are comfortable taking various forms of company data, such as customer contact information, than workers who would take a stapler.”

Reference-
http://www.theregister.co.uk/2010/08/19/rogue_workers_survey/

 

Posted by on August 20, 2010 in Uncategorized

 

Intel and McAfee made a surprise announcement

On Thursday, Intel and McAfee made a surprise announcement that the chip megamaker plans to acquire the security-software giant in a $7.68bn all-cash deal, and across the technical and financial communities, the response was a nearly unanimous “WTF?”

http://www.theregister.co.uk/2010/08/19/intel_and_macafee_wtf/

 

Posted by on August 20, 2010 in Uncategorized