Wfuzz is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.
Scammers who try to trick victims into downloading fake antivirus software can strike almost anywhere. On Sunday they hit the website of Kaspersky Lab, a well-known antivirus vendor. Someone took advantage of a bug in a Web program used by the Kasperskyusa.com website and reprogrammed it to try and trick… Read more »
Attackers have begun exploiting a recently disclosed vulnerability in Microsoft web-development applications that opens password files and other sensitive data to interception and tampering. The vulnerability in the way ASP.Net apps encrypt data was disclosed last week at the Ekoparty Conference in Argentina. Microsoft on Friday issued a temporary fix… Read more »
A fully automated, active web application security reconnaissance tool. Key features include, High speed, pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets. Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with… Read more »