Do Know Evil: Web Application Vulnerabilities | Scam Alert Network
| Together we can fight Crime, Scams and Spam
Monday February 6th 2012
Multilayer Website Security Solution

Hot News Flash

Along with rogue anti-malware, fake anti-piracy utilities are now also being distributed. Many Internet users download music and other media from the net, while being infected by malware from hacked or rogue websites. These Trojans issue fake copyright warning messages to scare the public - They are advised to take their chances in court, or skip the heavy fines and possible jail time by opting for a ‘pre-trial settlement’. They are then directed via hacked websites to another malware site where computers are further infected and where fake financial ‘settlements’ are solicited, and where banking details are provided to criminals.

Categories

Archives

Related Posts

No related posts.

Do Know Evil: Web Application Vulnerabilities

Posted by Bruce Leban, Software Engineer

We want Google employees to have a firm understanding of the threats our services face, as well as how to help protect against those threats. We work toward these goals in a variety of ways, including security training for new engineers, technical presentations about security, and other types of documentation. We also use codelabs — interactive programming tutorials that walk participants through specific programming tasks.

One codelab in fastidious teaches developers about common types of web application vulnerabilities. In the spirit of the thinking that “it takes a hacker to catch a hacker,” the codelab also demonstrates how an attacker could exploit such vulnerabilities.

We’re releasing this codelab, entitled “Web Application Exploits and Defenses,” now in coordination with Google Code University and Google Labs to help software developers better recognize, fix, and avoid similar flaws in their own applications. The codelab is built around Jarlsberg, a small yet full-featured microblogging application designed to contain lots of security bugs. The vulnerabilities roofed by the lab include cross-site scripting (XSS), cross-site request forgery (XSRF) and cross-site script inclusion (XSSI), as well as client-state manipulation, path traversal and AJAX and configuration vulnerabilities. It also shows how simple bugs can lead to information disclosure, denial-of-benefit and diffident code execution.

The maxim, “given enough eyeballs, all bugs are shallow” is only right if the eyeballs know what to look for. To that end, the security bugs in Jarlsberg are real bugs — just like those in many other applications. The Jarlsberg source code is published under a Creative Commons license and is available for use in whitebox hacking exercises or in computer science classes covering security, software engineering or general software development.

To get started, visit http://jarlsberg.appspot.com. An instructor’s handbook for by the codelab is now available on Google Code University.

Go to Article

VN:F [1.9.11_1134]
Rating: 4.0/10 (1 vote cast)
VN:F [1.9.11_1134]
Rating: +1 (from 1 vote)
Do Know Evil: Web Application Vulnerabilities, 4.0 out of 10 based on 1 rating
Share this with Friends:
  • del.icio.us
  • Google Bookmarks
  • Blogosphere News
  • FriendFeed
  • Internetmedia
  • laaik.it
  • LinkedIn
  • Linkter
  • Live
  • MySpace
  • Ping.fm
  • Propeller
  • Reddit
  • RSS
  • Socialogs
  • StumbleUpon
  • Technorati
  • Yahoo! Buzz
  • Yahoo! Bookmarks
  • Netvibes
  • Tumblr
  • BlinkList
  • Add to favorites
  • blogmarks
  • Blogplay
  • Current
  • Digg
  • Diigo
  • DotNetKicks
  • DZone
  • eKudos
  • Facebook
  • Fark
  • Faves
  • Fleck
  • FSDaily
  • Global Grind
  • Gwar
  • HackerNews
  • HelloTxt
  • Hyves
  • LinkaGoGo
  • LinkArena
  • Meneame
  • MisterWong
  • MSN Reporter
  • MyShare
  • Netvouz
  • NewsVine
  • PDF
  • Segnalo
  • SheToldMe
  • Simpy
  • Slashdot
  • SphereIt
  • Sphinn
  • Tipd
  • Twitter
  • Upnews
  • Webnews.de
  • Webride
  • Wikio
  • Wykop
  • Xerpi
  • Yigg
  • Suggest to Techmeme via Twitter

No related posts.

Post Published: 06 May 2010
Author: ScamMaster
Found in section: External Artices

Tags: , ,

Previous Topic:
Next Topic:

Latest Topics

How do Criminals Sell Fake Anti-virus Software? How do »

It is easy for criminals to deceive even...

Internet Security while in the Crossfire of Cybercrime and Cyberwar Internet »

Cyber storms or cyber warfare are not...

Blocking Bad »

The best way to combat spam, malicious file...

Scam Alert Network Website Restructuring Scam Alert »

Our site visitors have spoken and we have...

Dutch National »

The High Tech Crime Team (THTC) of the...

Online Hazard Video’s Online Hazard »

SYMANTEC GUIDE TO SCARY INTERNET...

Do Know Evil: »

Posted by Bruce Leban, Software...

Online »

Many people might choose to have a vague...

Piracy Isn’t Being Avoided With The Antipiracy Foundation Scanner Piracy »

Piracy, particularly in music, has become...

Basic Internet Security Information and Tips Basic Internet »

We decided to point to a few basic tools and...

Recent Comments

Bank Advice

General

Law Enforcement

Recommended Sites

Site Facilities

Wanted or Missing

RSS Spam Alert News

  • Jan 2012 Spam Activities
    Event Type 403 – Webspam Target Page: /admin/file_manager.php/login.php Referring Page: Direct Hit Time: 27/01/2012 03:00:42 From IP: 207.45.178.42 NetRange: 207.45.176.0 – 207.45.191.255 Acenet Inc, 24445 Northwestern Highway Ste 225, Southfield, MI, 48075, US Event Type 403 – Webspam Target Page: … Continue reading → […]
  • November 2011 Botnet Activity
    Incident Type: RFI Attack Target:  /login.php?action=insert Referring Page:  Direct Hit Time:  13/11/2011 17:32:13 From IP:  216.38.62.82 Net Range:  216.38.62.82 – 216.38.62.85 (216.38.62.84/31 and 216.38.62.82/31 Company Name:  Bymacht, 19 Ubi Crescent No 01-01, Singapore, 408577, SG Abuse Phone:  +1-703-847-1381 Abuse Email:  … Continue reading → […]
  • Bergdorf Group
    LOCAL REFERENCES Information subjected to Disclaimer. Also see Company Bad Event History and Basic Qualities of a Principled Business. Description Available Information Last Update 2011-11-15 Company Name Bergdorf Group Physical Address In Constant Flux Phone In Constant Flux Abuse Email … Continue reading → […]
  • 605 Direct Hits from Botnet via four IP Addresses
    605 x Direct Hits from Botnet was detected via four IP Addresses owned by Liquid Web Inc in the USA, Empresa De Telecomunicaciones in Colombia, myLoc Enterprise and Strato Rechenzentrum in Germany. The Botnet Hit from the following IP Addresses:  … Continue reading → […]
  • Botnet Activity
    Remote File Injection attack detected from China Unicom and PIP Internet with spambot activity from Aruba. Incident Type: 403 – RFI Attack 80 x RFI Direct Hit Attack Target example: //databaseadmin/scripts/setup.php Time: 10/10/2011 04:09:38 From IP: 61.135.175.230 (61.135.0.0 – 61.135.255.255) … Continue reading → […]
  • Botnet Activity
    Remote File Injection attack detected from JTL Networks Inc and SingleHop Inc respectively hosted by ‘nhosting.eu’ and ‘tmdhosting.com’ Incident Type:  403 – RFI Attack Host:  s1.nhosting.eu Target:  /shop/admin/banner_manager.php/login.php?action=insert Referring Page:  Direct Hit Time:  02/10/2011 10:30:15 From IP:  69.36.8.62 NetRange:  69.36.0.0 … Contin […]