Cyberis Blog
Reassuringly clear thinking.
- Research
- Tools and techniques
Testing Access Controls On Large Web Applications
Testing access controls on web applications can be a difficult task if presented with multiple user roles and a large number of pages. Depending on the application, unauthorised access to a page may result in a client error code (40X), a redirect (30X), a straight 200 with an error message within the page, or possibly even a server-side error (50X). This is how we approach the problem...
- Research
- Tools and techniques
Evading .NET And Browser XSS Protection With Attribute Based XSS
.NET applications offer good protection against basic reflected XSS vectors. Since .NET 1.1, ValidateRequest has been examining client supplied input for "supicious" characters, and throwing a helpful error message if such characters are found within a GET or POST request. These days, an attempt to perform the classic will likely fail against the majority of .NET applications with the well known "A potentially dangerous Request.Form value was detected from the client..". Does that mean XSS in .NET is dead?
- Penetration testing
- Tools and techniques
Hacking An E-Commerce Site - For Fun Or Profit?
Having testing a number of e-commerce sites in recent times, I wanted to share some of the vulnerabilities encountered, and the reasons why someone would seek to exploit them. Recent high profile hacks in the media have rightly made retailers sit up and take notice of security - whilst PCI DSS attempts to mandate a certain level of assurance, the risk of losing substantial amounts of money and seriously damaging reputation focuses the attention on security more than any overarching standard.
- Research
- Tools and techniques
Harvesting Cross Site Scripting (XSS) Victims - Clicks, Keystrokes And Cookies
A couple of years ago I was inspired by @fmavituna's work on XSS Shell and decided to write a new extended version (XSS-Shell-NG) using a PHP and a MySQL backend rather than the ASP/Access combination of the original. I never released the tool publicly, as my main aim of making XSS Shell easier to use was never really accomplished; it still required a significant amount of set up to get it working. However, one thing that both tools did well once working was to demonstrate the real business impact of cross-site scripting.
- Tools and techniques
'Invisible Intercept' Function Of Burp
How would you go about intercepting HTTP traffic from non-proxy aware traffic? This article points you in the right direction...
- Tools and techniques
How To Detect Transparent Proxies
Ever wondered if your web traffic is being silently intercepted by a transparent proxy? Maybe you can find out...
Improve your security
Our experienced team will identify and address your most critical information security concerns.