Saturday, April 25, 2009

20 ways to php Source code fuzzing (Auditing)

Hello.

This article is only for those who know PHP well and really know how to program in PHP.

When we talk about PHP vulnerability discovery, we forget this question:
What types of bugs?

Once we can answer this question, finding vulnerabilities will be as easy as drinking some water.

In this article:

Section 1: 20 ways to PHP source code auditing (PHP fuzzing)
1 - Cross Site Scripting
2 - SQL Injection [Medium]
3 - HTTP Response Splitting [Medium]
4 - Dynamic Evaluation Vulnerabilities [High]
5 - Process Control / PHP Code Injection [High]
6 - Local / Remote File Inclusion [High]
7 - File Management [High]
8 - Buffer Overflows [High, But Hard Usage]
9 - Cookie / Session Injection / Fixation [High]
10 - Denial of Service [Medium, But Hard Assessment]
11 - XPath Injection [XML Functions]
12 - Often Misused: File Uploads [High]
13 - Unauthorized Summon of Functionality / File [Medium]
14 - Authentication Bypass with Brute Force [Low]
15 - Insecure Randomness Session / Cookie / Backup Files [Medium]
16 - Informative Details in HTML Comments [Low]
17 - Default Unnecessary Installation Files [Medium]
18 - Regular Expression Vulnerability [High]
19 - Resource Injection [Medium]
20 - Weak Password / Encryption [Low]

Section 2:
Automatic PHP Auditor source code

This article is not a full reference on PHP source code security review (a.k.a. auditing), but I tried to do this work as well as I could in my short time. So please accept my apology for any mistakes I may have made while completing this article. I'm not sure, but maybe I will release a future version of this article that contains a few more advanced methods.

Here are some future topics I may add to this article in the next version:
1 - More real-world attacks with descriptions
2 - PHPIDS defense
3 - More dangerous functions: CURL, socket, create_function and others
4 - PEAR functions and the security of their use
5 - Information about books on PHP secure coding
6 - Etc.

Download:

php-fuzzing-auditing-version-1.0

Thanks.

Daphne

http://abysssec.com/blog/2009/03/php_fuzz_audit/

Monday, April 20, 2009

Information Gathering

New School Information Gathering
http://www.toorcon.org/tcx/17_Gates.pdf
@
http://www.carnal0wnage.com/research/newschoolinfogathering-chicagocon.pdf

Information Gathering: The Complete Documentation
http://www.l0t3k.org/security/docs/gathering/

Passive Information Gathering Techniques
http://seclists.org/basics/2004/Feb/0073.html

Saturday, April 18, 2009

Wireless Attacks and Penetration Testing

Wireless Attacks and Penetration Testing (part 1 of 3)
Jonathan Hassell 2004-06-03
http://www.securityfocus.com/infocus/1783

Wireless Attacks and Penetration Testing (part 2 of 3)
Jonathan Hassell 2004-06-14
http://www.securityfocus.com/infocus/1785

Wireless Attacks and Penetration Testing (part 3 of 3)
Jonathan Hassell 2004-07-26
http://www.securityfocus.com/infocus/1792


Figure 1: Sniffing packets with AirSnort
