Silicon Asylum

Search This Blog

Web App Security Reading - 20150724

July 24, 2015

I was on a boring conference call this morning and noticed I'd accumulated quite a glut of WebAppSec reading links. I figured I'd dump them here for people to peruse and give me a way to cleanup my bookmarks :)

WebAppSec:

XSS Vulnerability Shows How Security Issues Can Creep into Popular Software
Sector Presentations (2014)
Generic XXE Detection
Hacking HTTPS -> HTTP referrers
Referrer CSRF Bypass ( Not Effective But Alternative )
Playing with Content-Type – XXE on JSON Endpoints
Clickjacking with Jack
Your Application Security Program: Flawless Logic for Big Savings
5 Steps for a Winning AppSec Program
SAML

On Breaking SAML: Be Whoever You Want to Be
OWASP : Auth Cheat Sheet : SAML
ZAP SAML Extension (2yrs old as of 201507)

Cookie Bombing

Browser Cookie Limits
DoS attack on CDN users
Cookie Bomb or let's break the Internet
The maximum total HTTP header length for BIG-IP WebAccelerator and BIG-IP AAM is now 16,384 bytes

Practical HTTP Host header attacks
Cross-Site Trust Exploitation (XSTE/CSTE) (Content Injection/Spoofing)
Detecting low entropy tokens with massive bloom filters in Burp

Other:

BSides Vancouver youtube Channel
Make Your Images Interactive
Interruption Science
Neural Computation and Adaptive Perception - Summer School 2014
CrowdTesting

uTest
PassBrains

MobileSec

Introducing the iOS Reverse Engineering Toolkit
OWASP iGoat
New X-Ray Android Security App Scans Devices For Vulnerabilities
Poking Around in Android Memory
Secure your mobile applications
Android Application Assessment
Intentional Evil: A Pen Tester's Overview of Android Intents
IOS Application security Part 1 – Setting up a mobile pentesting platform
IOS Application security Part 2 – Getting class information of IOS apps
IOS Application security Part 3 – Understanding the Objective-C Runtime
iOS Application Security Part 4 – Runtime Analysis Using Cycript (Yahoo Weather App)
IOS Application security Part 5 – Advanced Runtime analysis and manipulation using Cycript (Yahoo Weather App)
IOS Application Security Part 6 – New Security Features in IOS 7
Unearthing the hidden shortcomings in Aussie mobile app security
Creating a iOS7 Application Pentesting Environment

Python 2.5’s “partition” saves my bacon

Get link
Facebook
X
Pinterest
Email
Other Apps

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Post a Comment

Keyboard Shortcuts (Part I)

September 15, 2006

People often notice that I don't use the mouse as much as most people. Personally I find it much quicker to do a lot of tasks using the keyboard. Therefore I've decided to post a list of keyboard shortcuts from time to time. Hopefully you'll enjoy them and and find them useful like I do. When editing text: ctrl + arrow (Left or Right) > Move the insertion point left or right entire words. ctrl + shift + arrow (Left or Right) > Highlight entire words (left or right of the insertion point). double click > Highlight an entire word. triple click > Highlight an entire line (not sentence). shift + home > Highlight from the insertion point to the start of the line. shift + end > Highlight from the insertion point to the end of the line.

Get link
Facebook
X
Pinterest
Email
Other Apps

Post a Comment

VOTE for Firefox TLS 1.2 Support

September 27, 2011

As some of you may have heard TLS1.0 got some bad news/press recently. Various details: One , Two , and Three or check this Technical Paper (pdf) . So please go over here -> Firefox : Bug 480514 - Implement TLS 1.2 (RFC 5246) and VOTE! If you're really ambitious you could also go vote for TLS 1.1 implementation (for the sake of maximizing compatability with web servers): Firefox : Bug 565047 - Implement TLS 1.1 (RFC 4346)

Get link
Facebook
X
Pinterest
Email
Other Apps

Post a Comment

Keyboard Shortcuts (Part II)

November 14, 2006

Continuing from my previous post on Keyboard Shortcuts : Windows Desktop/Explorer Window: F1 > Open Windows Help (Or active application help if you aren't on the desktop or in windows explorer) F2 > When you have a file selected F2 will take you into Rename mode F3 or WinKey + F > Open the find file or folder applet F5 > Refresh Window WinKey + M > Minimize All Windows WinKey + shift + M > Restore All Minimized Windows WinKey + D > Show Desktop WinKey + L > Lock Windows (Not available before WinXP) WinKey + E > Launch Windows Explorer WinKey + B > Set Focus to the TaskBar (dunno why you'd want to do this) WinKey + ctrl + F > Open the find computer applet shift + delete > Permanently remove a file (same as delete followed by empty trash) alt + tab > Cycles through your program list alt + shift + tab > Cycles backwards through your program list alt + space > Activate the window control menu (same as right clicking the icon in the top l...