Cyberis Blog

Reassuringly clear thinking.

  • Penetration testing
  • Tools and techniques

Hacking An E-Commerce Site - For Fun Or Profit?

Having tested a number of e-commerce sites recently, I wanted to share some of the vulnerabilities encountered and the reasons why someone would seek to exploit them. Recent high-profile hacks in the media have rightly made retailers sit up and take notice of security: whilst PCI DSS attempts to mandate a certain level of assurance, the risk of losing substantial amounts of money and seriously damaging reputation focuses attention on security more than any overarching standard.

Read more
  • Research
  • Tools and techniques

Harvesting Cross Site Scripting (XSS) Victims - Clicks, Keystrokes And Cookies

A couple of years ago I was inspired by @fmavituna's work on XSS Shell and decided to write a new extended version (XSS-Shell-NG) using a PHP and MySQL backend rather than the ASP/Access combination of the original. I never released the tool publicly, as my main aim of making XSS Shell easier to use was never really accomplished; it still required a significant amount of setup to get it working. However, one thing that both tools did well once working was to demonstrate the real business impact of cross-site scripting.

Read more
  • Tools and techniques

'Invisible Intercept' Function Of Burp

How would you go about intercepting HTTP traffic from non-proxy-aware clients, such as thick-client applications that ignore system proxy settings? This article points you in the right direction...

Read more
  • Tools and techniques

How To Detect Transparent Proxies

Ever wondered if your web traffic is being silently intercepted by a transparent proxy? Maybe you can find out...

Read more
