The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Web App Pentesting - Pentest Magazine The significance of HTTP and the Web for Advanced Persistent Threats Web Application Security and Penetration Testing Developers are form Wenus, Application Security guys from Mars Pulling legs of Arachni XSS BeeF Metaspolit Exploitation Cross-site request forgery. In-depth analysis First the Security Gate, then the Airplane Download Magazine Here

WAFP : Web Application Finger Printer Tool WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB. WAFP fetches the files given by the Finger Prints from a webserver andchecks if the checksums of those files are matching to the given checksums from theFinger Prints. This way it is able to detect the detailed version andeven the build number of a Web Application. Sample Scan Result:    wafp.rb --verbose -p phpmyadmin https://phpmyadmin.example.de    VERBOSE: loading the fingerprint database to the ram...    Collecting the files we need to fetch ...    Fetching needed files (#432), calculating checksums and storing the results to the database:    ............................................................................................    VERBOSE: request for "/themes/darkblue_orange/img/b_info.png" produced "Connection refused - connect(2)" for 1 times - retrying...    ................................................................

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Cotton Candy USB with Dual-Core Computer can turns Any Screen Into an Android Station Norwegian company FXI Technologies has been showing a USB stick-sized portable computer prototype, featuring with a dual-core 1.2-GHz CPU, 802.11n Wi-Fi, Bluetooth, HDMI-out and a microSD card slot for memory. Codenamed Cotton Candy because its 21 gram weight is the same as a bag of the confection, the tiny PC enables what its inventor calls "Any Screen Computing," the ability to turn any TV, laptop, phone, tablet, or set-top box into a dumb terminal for its Android operating system. The Cotton Candy has a USB 2.0 connector on one end and an HDMI jack on the other. When connected to an HDTV, it uses the HDMI port for video, the USB for power, and Bluetooth to connect to a keyboard, mouse, or tablet for controlling the operating system. The device can output up to 1080p so even a full HD screen can display the Candy's preloaded Android 2.3 operating system at its native resolution. The dual core CP

Is it hard to crack full Disk Encryption For Law Enforcement ? If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a paper titled " The growing impact of full disk encryption on digital forensics " that illustrates just how difficult it is. According to the paper, co-authored by a member of US-CERT. Abstract of Paper is available here , and Short Info written below: The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case. The practice of shutting down an evidential computer is not an acceptable technique when dealing with FDE or even volume encryption because it may result in all data on the device being rendered inaccessible for forensic examination. To address this challenge, there is

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn't even need a user specified starting URI. At the core of the PHP Vulnerability Hunter scan algorithm is dynamic program analysis. Unlike many vulnerability scanners and fuzz tools that rely on static analysis, PHP Vulnerability Hunter analyzes the program as it's running to get a clear view of all input vectors. That means better code coverage and as a result greater confidence in code security. ChangeLog: Added code coverage report Updated GUI validation Several instrumentation fixes Fixed lingering connection issue Fixed GUI and report viewer crashes related