| Advanced SQL injection paper (ngssoftware)  |
NGSSoftware's SQL injection papers. The first paper focuses on ASP/MS-SQL issues and is quite throughtout with the details. The second paper is an addennum to the first, and clarifies some issues that was not perhaps that clearly explained in the fir |
999 |
|
| Attacking the DNS protocol |
This paper explains pretty well some of the attacks plaguing the DNS protocol. Attacking DNS for zone transfers, cache poisoning and so on might not be the most common practice in audits, but it is good to be aware of these kind of attack possibiliti |
963 |
|
| Blindfolded SQL injection |
This whitepaper explains how it is not always necessary to have descriptive error-messages to perform successful SQL injection attacks. It is clean and written well. |
870 |
|
| Cross site scripting FAQ |
This paper is about Cross Site Scripting and explains to the reader what an XSS is about and why it is dangerous, giving some examples. This is a good briefer into the XSS-attacks. |
904 |
|
| Exploiting cisco routers (part 1) |
This article-serie shows some methods of enumerating and exploiting Cisco routers. Good read for those that require network device knowledge, but has never had the chance to experiment. |
944 |
|
| Exploiting cisco routers (part 2) |
This article-serie shows some methods of enumerating and exploiting Cisco routers. Good read for those that require network device knowledge, but has never had the chance to experiment. |
888 |
|
| Fingerprinting port 80 attacks |
In these articles is shown what actual attacks would look like in the web-logs and gives some examples what to expect. Why I posted these is that they give also clues of possible attack methods. |
885 |
|
| Fingerprinting port 80 attacks (part 2) |
In these articles is shown what actual attacks would look like in the web-logs and gives some examples what to expect. Why I posted these is that they give also clues of possible attack methods. |
850 |
|
| Google search strings assist in auditing |
This site contains loads of google search strings that can reveal sensitive information on a site. A nice addition to put in use, maybe some day there will be a tool automating these. |
926 |
|
| IP spoofing introduction |
This OK paper touches IP & TCP, as these are vital ones in understanding what IP spoofing really is about. The paper kindly explains several scenarios and why these are possible. The technique does not allow for anonymous Internet access, which is a |
661 |
|
| Neworder.box.sk |
New Order hosts lots of tools and keeps track of exploits. It is also posting security-info and lots of articles. From here you might find the right tool, paper or exploit to get you going with the task you have. |
624 |
|
| oracle row level security |
In this article serie Pete Finnigan explains what the row level security feature in Oracle database is, and how it is used for added security. He also explains how to audit these policies. |
612 |
|
| Oracle security testing |
This site has loads of links to Oracle-related security papers, giving lots of information about how to test the security of Oracle databases & how to secure them. Very good resource if you got a database to secure or audit. |
657 |
|
| Pentesting for web applications (part 1) |
This three part article explains some web application behaviour and how that can be exploited. Good reading for penetration testers at it gives a good oversight of what web application hacking is basically about. |
777 |
|
| Pentesting for web applications (part 2) |
This three part article explains some web application behaviour and how that can be exploited. Good reading for penetration testers at it gives a good oversight of what web application hacking is basically about. |
671 |
|
| Pentesting for web applications (part 3) |
This three part article explains some web application behaviour and how that can be exploited. Good reading for penetration testers at it gives a good oversight of what web application hacking is basically about. |
676 |
|
| Red team assessment paper |
This is a student pentest-paper about demonstrating weaknesses in the security architecture proposed by Parliament Hill Firewall Practical #0063. The paper is written quite well and contains interesting scenario how to attack the system. |
1'219 |
|
| Soap web security |
The purpose of SOAP is to allow various components to communicate using remote functionality as if they were local. This paper explains some types of attacks and defenses based on the SOAP implementation. it also acts as a nice small primer to SOAP. |
688 |
|
| SQL injection paper (securiteam) |
SecuriTeam has released an SQL injection paper that is quite good. This should help you grasp the basics of SQL injection techniques, especially if you do pentests against web-applications. |
663 |
