We don’t need NASL - OpenVAS
GNUCITIZEN - Oct 10, 2008
For those of you who are new to these things, NASL stands for Nessus Attack Scripting Language. NASL is part of the closed-source Nessus vulnerability scanner and its open-source form called OpenVAS (Open Vulnerability …
Frame Injection Fun
GNUCITIZEN - Oct 9, 2008
Frame injection vulnerabilities, although some people might consider them the same as HTML injection/XSS or even a subset, really are not the same. Here is why: there is no need to inject special control …
Tagged: google, blog, phishing, web app, pagvac, frame injection, password theft
GNUCITIZEN - Oct 9, 2008
I asked on LinkedIn what security professionals think about Cloud Security. The answer was as expected. Nobody really knew what I was talking about. How is cloud security any different from web security? Cloud …
Tagged: security, blog, web2 0, utility computing, web2 0 security, cloud security
GNUCITIZEN - Oct 9, 2008
Someone on LinkedIn asked: Is Information Security driven by compliance? To which I say yes, and this is a problem! My long answer goes like this: Getting your security sorted for the sake of compliance is wrong. It …
Tagged: blog, certifications, compliance, linkedin, rant, security certifications
GNUCITIZEN - Oct 8, 2008
This will be a quick post just to share some POCs and more information regarding the recent Clickjacking technique, i.e. UI Redress Attack, a name suggested by Michal Zalewski. Clickjacking is an oldie but a goodie …
Tagged: security, blog, ui, hack, 0day, clickjacking, ui attacks, ui redress, ui redress attacks