4 posts tagged 'Vulnerabilities'

  1. 2011.10.30 HTTP Parameter Pollution Vulnerabilities
  2. 2011.01.13 OWASP Zed Attack Proxy Project
  3. 2010.09.14 Arirang - Powerful Webserver Security Scanner for Network (1)
2011.10.30 00:00

HTTP Parameter Pollution Vulnerabilities

HTTP Parameter Pollution vulnerability issues


Presentation material:
hpp-bhEU2011.pdf


Related material:
SCS3_2011_Balduzzi.pdf
AppsecEU09_CarettoniDiPaola_v0.8.pdf


2011.01.13 19:07

OWASP Zed Attack Proxy Project




The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

The current version of ZAP is 1.2.0.


2010.09.14 16:07

Arirang - Powerful Webserver Security Scanner for Network

Arirang is a powerful webserver security scanner for networks.

arirang is different from most CGI scanners (cgichk, ucgi, whisker, malice, nikto ...).
arirang is based on twwwscan and designed as a network scanner.

arirang can help network administrators find security vulnerabilities in their webservers, and audit and patch them.

This program was originally written under OpenBSD 2.8, 2.9.

Tested on OpenBSD 2.8, 2.9, FreeBSD 4.3, NetBSD 1.5, Linux 2.2.16, 2.4.4, Solaris 2.6, Solaris 5.7 Sparc, AIX 4.3.

I wrote these tools with honest intentions to audit my own webserver and network.
Please do not abuse this software.


arirang 1.90 released for *BSD, Linux, Other Unix - 2010/09/06

supported SSL -S option
supported CIDR of domain name. -h yourdomain/24 
supported count of scan hosts
fixed connect timeout
applied recv timeout of rule scan. 
fixed gcc warning.
fixed few signal in old code. 
fixed few printing style.



Trackback 1 Comment 1
  1. aa 2011.05.10 00:15

    Building arirang on Linux needed -lresolv to be added. If not, an error occurred:
    proxy.c:(.text+0x46c): undefined reference to `__b64_ntop'