Friday, July 29, 2011
Thursday, July 21, 2011
Cisco IOS Software Checker
Security Intelligence Operations (SIO) Portal:
Cisco IOS Software Checker:
"Use the Cisco IOS Software Checker tool to search for Cisco Security Advisories that address specific Cisco IOS Software releases. Simply select a release from the drop-down menu, paste in show version command output, or upload a file from your local system."
Tuesday, July 19, 2011
Monday, July 18, 2011
Friday, July 15, 2011
Sunday, July 10, 2011
Google Labs runs a web “hackme” application on Google Apps (infosec)
Google Labs runs a web “hackme” application on Google Apps that is free to use and provides a host of atypical web vulnerabilities to exploit.
https://google-gruyere.appspot.com/
From the website:
This codelab is built around Gruyere /ɡruːˈjɛər/ - a small, cheesy web application that allows its users to publish snippets of text and store assorted files. "Unfortunately," Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general.
Good exercises for web developers, infosec geeks and the security curious. A little easier to use than having to set up VMWare, java, etc for other hackmes.
https://google-gruyere.appspot.com/
From the website:
This codelab is built around Gruyere /ɡruːˈjɛər/ - a small, cheesy web application that allows its users to publish snippets of text and store assorted files. "Unfortunately," Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general.
Good exercises for web developers, infosec geeks and the security curious. A little easier to use than having to set up VMWare, java, etc for other hackmes.
Saturday, July 02, 2011
Friday, July 01, 2011
setting cookies & doing redirects in clunky frameworks
Sometimes when doing operation and maintenance coding you find yourself working a framework where the original developers left some functionality out and adding the "right way" is just not worth the effort. In these types of scenarios it is good to know about "http-equiv" meta tags.
my $server_type_filter = $cgi->param('server_type_filter_text_area');
# a clunky solution for a clunky framework
print "<meta http-equiv=\"Set-Cookie\" content=\"server_type_filter=$server_type_filter; path=/; expires=\"\"\">\n";
print "<meta http-equiv=\"refresh\" content=\"0\">\n";
}
sub upd_server_type_filter {
- Setting cookies & redirection
my $server_type_filter = $cgi->param('server_type_filter_text_area');
# a clunky solution for a clunky framework
print "<meta http-equiv=\"Set-Cookie\" content=\"server_type_filter=$server_type_filter; path=/; expires=\"\"\">\n";
print "<meta http-equiv=\"refresh\" content=\"0\">\n";
}
- Getting the cookie
sub get_server_type_filter {
my @filter;
# fetch cookies
my %cookies = CGI::Cookie->fetch;
my $server_type_filter = $cookies{'server_type_filter'}->value if $cookies{'server_type_filter'};
$server_type_filter =~ s/\s//g;
@filter = split /,/, $server_type_filter;
return @filter;
}
Subscribe to:
Posts (Atom)