Archive for 'WebApp Sec'
Syndicated Malware
It’s virtually impossible to browse to a web page these days without embedded advertising. Most of this content is included through JavaScript retrieved from the ad syndicator’s network (such as Google’s show_ads.js or Yahoo’s ypn.js). Similarly, most websites also employ some form of analytics, where the tracking is often achieved in [...]
Posted: October 24th, 2007 under Exploit, WebApp Sec.
Comments: none
Google Vulnerability Assessment Service?
As a follow-up to this post, it’s worth noting that Google’s security team is now working on a blackbox fuzzing tool they call Lemon:
Our vulnerability testing tool enumerates a web application’s URLs and corresponding input parameters. It then iteratively supplies fault strings designed to expose XSS and other vulnerabilities to each input, and analyzes the [...]
Posted: July 18th, 2007 under Vulnerability, WebApp Sec.
Comments: none
Search engines the new security vendors?
NewScientist has a good article on the evolution of botnet infestations, reinforcing the need for Web Application Firewalls to protect against injection attacks.
That a publication like NewScientist is covering this topic suggests that a wider audience is now considering the problem. The research paper cited in the article was produced by Google (not [...]
Posted: May 9th, 2007 under Botnets, Content Mgmt, WebApp Sec.
Comments: none
