- If you are interested in iOS application hacking, here is an excellent cheat sheet from OWASP: https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet
- Ruby on Rails has a very good security guide: http://guides.rubyonrails.org/security.html. Every product should have a security guide like this.
- It is not surprising that almost 1% of CMS sites have their configuration files exposed to the public: http://feross.org/cmsploit/. The web server executes the real config file as PHP, but a backup or swap copy with a different extension is served as plain text, database credentials included. Next time you deploy, make sure no editor copies of these files are left in the web root:
    wp-config.php        # WordPress
    config.php           # phpBB, ExpressionEngine
    configuration.php    # Joomla
    LocalSettings.php    # MediaWiki
    mt-config.cgi        # Movable Type
    settings.php         # Drupal
  Editors leave copies such as:
    wp-config.php~       # Vim, Gedit
    #wp-config.php#      # Emacs
    wp-config.php.save   # Nano
    wp-config.php.swp    # Vim (swap file)
    wp-config.php.swo    # Vim (swap file)
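As an added example (my own code, not from the cmsploit post or any of the CMS projects), here is a small scanner you can run against a document root before it goes live. It builds the backup/swap names for the config files listed above and reports any that exist, so they can be deleted or blocked. It goes slightly beyond the post: the dot-prefixed Vim swap form (`.wp-config.php.swp`) and the generic `.bak`/`.orig` suffixes are my additions, and the sample web root it builds is constructed test data, not a real site.

```python
import os
import tempfile

# Configuration files named in the post, mapped to the CMS that uses them.
CONFIG_FILES = {
    "wp-config.php": "WordPress",
    "config.php": "phpBB, ExpressionEngine",
    "configuration.php": "Joomla",
    "LocalSettings.php": "MediaWiki",
    "mt-config.cgi": "Movable Type",
    "settings.php": "Drupal",
}


def backup_variants(name):
    """Return {filename: origin} of leftover copies an editor may write beside `name`."""
    return {
        f"{name}~": "Vim/Gedit backup",
        f"#{name}#": "Emacs autosave",
        f"{name}.save": "Nano backup",
        f"{name}.swp": "Vim swap file",
        f"{name}.swo": "Vim swap file",
        # Additions beyond the post: Vim's default swap name is dot-prefixed,
        # and .bak/.orig copies are common leftovers from manual edits and patching.
        f".{name}.swp": "Vim swap file (dot-prefixed)",
        f"{name}.bak": "manual backup copy",
        f"{name}.orig": "patch/diff leftover",
    }


def scan_webroot(root):
    """Walk `root` and return a sorted list of (relative path, cms, origin)
    for every leftover copy of a known configuration file.

    The real config file itself is not reported: it is executed, not served."""
    lookup = {}
    for cfg, cms in CONFIG_FILES.items():
        for variant, origin in backup_variants(cfg).items():
            lookup[variant] = (cms, origin)

    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname in lookup:
                cms, origin = lookup[fname]
                rel = os.path.relpath(os.path.join(dirpath, fname), root)
                findings.append((rel.replace(os.sep, "/"), cms, origin))
    return sorted(findings)


def build_sample_webroot():
    """Create a constructed sample document root (not real data) mixing
    legitimate files with the kinds of leaks the post warns about."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = [
        "wp-config.php",          # legitimate: executed by PHP, must not be flagged
        "wp-config.php~",         # Vim/Gedit backup: served as plain text
        "#wp-config.php#",        # Emacs autosave
        ".wp-config.php.swp",     # Vim swap file, dot-prefixed form
        "index.php",              # unrelated file
        "blog/settings.php.save", # Nano backup of a Drupal config in a subdirectory
        "forum/config.php",       # legitimate phpBB config, must not be flagged
    ]
    for rel in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample content\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_webroot()
    for rel, cms, origin in scan_webroot(sample_root):
        print(f"{rel}: {cms} config leaked via {origin}")
```

Running it on the constructed root reports four leaked copies and stays silent about `wp-config.php` and `forum/config.php`. In practice, run `scan_webroot` over the real document root as part of the deploy step, and pair it with a web server rule that refuses to serve these names, so a copy that slips through is still not readable.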
- If you do not know what a Mass Assignment vulnerability is, you should check http://blog.diniscruz.com/2013/01/odata-aspnet-web-api-mass-assignment.html and http://blog.mhartl.com/2008/09/21/mass-assignment-in-rails-applications/
- Top 10 tips to keep your kids safe online: http://nakedsecurity.sophos.com/2013/02/05/top-10-tips-kids-safe-online/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29
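To make the Mass Assignment bullet concrete, here is an added example of my own (not code from either linked article, and framework-free rather than Rails or ASP.NET Web API) showing the bug and the fix side by side. The `User` model, the `is_admin` field and the request payloads are constructed for the demo. `update_unsafe` does what the vulnerable frameworks did: it binds every submitted key straight onto the model. `update_safe` binds only an allowlist and rejects anything else, the same idea as Rails strong parameters or a dedicated view model in Web API.

```python
from dataclasses import dataclass


@dataclass
class User:
    name: str
    email: str
    is_admin: bool = False  # privileged attribute; must never be set from client input


class MassAssignmentError(ValueError):
    """Raised when a request tries to set a field the endpoint does not permit."""


def update_unsafe(user, payload):
    """Vulnerable: every key in the request is written to the model.

    A client that adds "is_admin": true to a profile-edit form becomes an admin."""
    for key, value in payload.items():
        setattr(user, key, value)
    return user


# Fields a user is allowed to change on their own profile.
PROFILE_FIELDS = frozenset({"name", "email"})


def update_safe(user, payload, allowed=PROFILE_FIELDS):
    """Hardened: only allowlisted keys are bound; any other key is rejected.

    Rejecting (rather than silently dropping) makes tampering visible in logs."""
    unexpected = set(payload) - allowed
    if unexpected:
        raise MassAssignmentError(f"unpermitted parameters: {sorted(unexpected)}")
    for key in allowed & set(payload):
        setattr(user, key, payload[key])
    return user


def demo():
    """Run both updaters against the same tampered request and report outcomes."""
    # Constructed request body: a normal profile edit with an extra privileged key.
    tampered = {"name": "alice", "is_admin": True}
    honest = {"email": "alice@example.invalid"}

    victim = User(name="alice", email="alice@example.invalid")
    update_unsafe(victim, tampered)

    guarded = User(name="bob", email="bob@example.invalid")
    rejected = False
    try:
        update_safe(guarded, tampered)
    except MassAssignmentError:
        rejected = True

    updated = update_safe(User(name="carol", email="old@example.invalid"), honest)

    return {
        "unsafe_escalated": victim.is_admin,      # True: privilege escalated
        "safe_rejected": rejected,                # True: request refused
        "safe_unchanged": not guarded.is_admin,   # True: model untouched
        "safe_honest_applied": updated.email,     # allowlisted field still works
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The allowlist lives next to the endpoint, not on the model, because different endpoints legitimately permit different fields (an admin screen may set `is_admin`, a profile screen must not). In Rails, `params.require(:user).permit(:name, :email)` expresses the same allowlist, and setting `config.action_controller.action_on_unpermitted_parameters = :raise` gives the loud-failure behaviour shown here instead of the default of dropping extra keys.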
- A security book worth reading, available free online: Security Engineering by Ross Anderson: http://www.cl.cam.ac.uk/~rja14/book.html
- A good article about using Content Security Policy to prevent Cross-Site Scripting (XSS): http://blog.gdssecurity.com/labs/2013/2/5/using-content-security-policy-to-prevent-cross-site-scriptin.html
- Social Engineering Toolkit (SET) http://holisticinfosec.blogspot.com/2013/02/toolsmith-social-engineer-toolkit-set.html