everburning

The University of Washington has posted slides, notes and videos of the Winter 2006 Practical Aspects of Modern Cryptography course.

Security Compass released two beta tools in the Exploit-Me series. These tools, XSS-Me and SQL Inject-Me, are Firefox plugins to help test for security vulnerabilities.

XSS-Me does Cross Site Scripting (XSS) injection against the forms on a page. This will send a predefined set of attack strings against the website to see if the site reflects the content back to the user.

SQL Inject-Me is a tool to do some SQL injection tests against an application. It will send a series of SQL commands and attempt to make the database return an error message to the user.

Anyway, check out the Exploit-Me site and give the tools a try. If you find any issues you can report them to bugs at securitycompass.com.

Oh, and as an added bonus, the tools are being released under the GPL v3. We’re working on getting bug tracking, mailing lists and all that other infrastructure setup for the project.

Apparently, no-one shot me again. I’m still kicking. A little behind on the blogging so I’m not going to catch up. I’ll just skim the last month. Owen and Natalies wedding was a lot of fun. I left my position at TrekLogic for one at Security Compass which should be interesting.

There have been some books, some movies, some video games. Other events, trials and tribulations. But, that’s the condensed version.

Hopefully things are slowing down a bit and I’ll be blogging regular like again but we’ll see.