Stefan Esser presents an approach for detecting unknown query types that are the result of SQL injection. The approach is a simple way to make arbitrary applications more secure without touching a single line of code. It is based on the idea that SQL queries issued by an application always have a certain [...]
Sandro Gauci has posted a very interesting video demonstration about what he called Surf Jack. Say hello to a new security tool called “Surf Jack” which demonstrates a security flaw found in many public sites. The proof of concept tool allows testers to steal session cookies on HTTP and HTTPS sites that do not set [...]
The PHP development team announced the first alpha release of the upcoming minor version update of PHP. The new version PHP 5.3 is expected to improve stability and performance as well as add new language syntax and extensions. The purpose of this alpha release is to encourage users to not only actively participate in identifying [...]
Google opened up and launched Knol to the public. Knol introduces a new method for authors to work together. It is called moderated collaboration. Knol also encourages you to reveal your true identity. Google says that the “key principle behind Knol is authorship”. You write an authoritative article about a specific topic. It’s a new [...]