
Leaderboard

Popular Content

Showing content with the highest reputation on 07/30/16 in all areas

  1. Hi, it works, I got about 3-4 myself this morning. If you have several FB accounts, get them on all of them.
    5 points
  2. 2 points
  3. https://drive.google.com/file/d/0B7STUKz...sp=sharing Pass to the file is: FnJ@HF
    1 point
  4. This year the local OWASP conference will take place on October 6 at the Sheraton Hotel Bucharest and will be a one-day event with presentations and two trainings focused on application security. Details about OWASP Bucharest AppSec Conference 2016 will be published here: https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2016 Presentation submissions are made here. Sponsorship opportunities are in this document. You can submit presentations or workshops from the following areas, among others:
     • Security aspects of new / emerging web technologies / paradigms / languages / frameworks
     • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC, etc.
     • Security of web frameworks (Struts, Spring, ASP.Net MVC, RoR, etc)
     • Vulnerability analysis (code review, pentest, static analysis etc)
     • Threat modelling of applications
     • Mobile security and security for the mobile web
     • Cloud security
     • Browser security and local storage
     • Countermeasures for application vulnerabilities
     • New technologies, paradigms, tools
     • Application security awareness and education
     • Security in web services, REST, and service oriented architectures
     • Privacy in web apps, Web services and data storage
     Important:
     • the deadline for submitting presentations is August 28
     • the list of confirmed speakers will be announced on September 1
     • the conference will take place on October 6
     • presentations will be 40 minutes each
     • there will be a speaker agreement
    1 point
  5. It is quite hard to start projects if you don't have the basic knowledge. Building a project out of code snippets copy-pasted from various sites won't bring you new knowledge; it will only give you the false impression that you know something. Try to learn and get a certificate in a field you enjoy: programming, Linux, databases, etc. That way you are motivated, because you are paying for the certification out of your own pocket. Knowledge and certification are good when you are just starting out. You can look at the certifications offered by Oracle, Microsoft, Cisco, CompTIA, LPIC, etc.
    1 point
  6. EVADING ALL WEB-APPLICATION FIREWALLS XSS FILTERS
     1. Abstract
     Due to the increasing use of Web-Application Firewalls, I conducted research on all well-known Web-Application Firewalls to check their efficiency in protecting against cross-site scripting attacks. The motive behind this research was to confirm that there is no effective way to protect against a vulnerability other than fixing its root cause. The tests were conducted against popular Web-Application Firewalls, such as F5 Big IP, Imperva Incapsula, AQTRONIX WebKnight, PHP-IDS, Mod-Security, Sucuri, QuickDefense, Barracuda WAF, and they were all evaded within the research.
     2. Introduction
     A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Usually, those rules protect against common threats, such as cross-site scripting (XSS), SQL injection (SQLI), and other common web-application related vulnerabilities. In my tests, I focused on finding methods to bypass WAFs' protection against cross-site scripting vulnerabilities. "Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site"[1].
Download: https://www.exploit-db.com/docs/38117.pdf
    1 point
  7. Booo, you wankers. The guy asked for a work idea, to make some extra money, and you jumped on him like homosexual sows in heat :))))
    1 point
  8. Hi guys, for everyone who wants to make a copy of any website, I recommend (after extensive testing) HTTrack Website Copier. The interface is not very complicated, so I won't go into much detail; I'll let you experiment ... you only need a few tweaks and a lot of patience to copy ANY site. I tried several, from simple sites to ones with high security. The biggest problem you can run into when you want to copy a website is the program's connection to the website, so that is where you will have to tinker a bit if it doesn't work (browser type, etc.). If you have any questions and I can help, don't hesitate to post here. Good luck! Download link and more information (in English) here: http://www.httrack.com/
    -1 points