Security-Database Blog

Netsparker® Free Community Edition released

Netsparker Community Edition is False Positive Free and can detect both SQL Injection and Cross-site Scripting issues better than many other scanners.
Netsparker Community Edition also detects many other vulnerabilities such as finding and reporting backup files, source code disclosures, Crossdomain.xml issues, SVN/CVS disclosures, internal path disclosures, error messages and many more.

Splunk the IT Log Management Software v4.1 released

Splunk is software that provides unique visibility across your entire IT infrastructure from one place in real time. Only Splunk enables you to search, report, monitor and analyze streaming and historical data from any source.

CWE/SANS Top 25 list updated to v1.0.3

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at al

SFX-SQLi v1.1.3.2 available

SFX-SQLi (Select For XML SQL injection) is a new SQL injection technique that allows all of the information in a Microsoft SQL Server 2005/2008 database to be extracted in an extremely fast and efficient way.

bing-ip2hosts v0.2 released - Enumerate hostnames from Bing

Bing.com is a search engine owned by Microsoft, formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. This feature can be used with the IP: parameter in the search query as shown in the image above.

TCPDump v4.1.1 and LIBPCap v1.1.1 released

tcpdump is a common computer network debugging tool that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

Malware Check Tool v1.0 released

This program intends to detect a malicious file in two ways: online and offline. It calculates the MD5 hash of a specified file, searches for it in its current hash set (offline) or on the VirusTotal site (online), and shows the result.

Focus on Zero Wine Tryouts Malware Analyzer Alpha 2 release

Zero Wine Tryouts is an open source malware analysis tool. Just upload your suspicious file (e.g. Windows executable file, PDF file) through the web interface and let it analyze.

CUPP Common User Passwords Profiler v3 released

People spend a lot of time preparing for an effective dictionary attack. Common User Passwords Profiler (CUPP) is made to simplify this attack method, which is often used as a last resort in penetration testing and forensic crime investigations. A weak password might be very short or only use alphanumeric characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password.

(update) Skipfish Active web application scanner v1.29b released

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.

OSSEC v2.4 released

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active respons
