Showing 13 results for: 2011, Penetration Testing

Advanced BNAT in the Wild

Just this week, we were asked to help out with some "TCP weirdness" that was identified out on a customer site during a penetration test. A port was identified as open, but when attempting to connect to the port, the...

What Do Bug Bounties Cover?

Over the past few days in the UK we have been bombarded with arguments and debates over the use of Facebook and other social networking sites due to the riots that we witnessed all over the country. However, in the...

A whole lot of Spiders at DEF CON 19

Next week members of Trustwave's SpiderLabs team will be headed to Las Vegas to attend DEF CON 19. Members of the team from every corner of the planet will be in attendance. We are fortunate this year to have 15 members...

TWSL2011-006: IBM Web Application Firewall Bypass

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified in the IBM Web Application Firewall (WAF). The IBM Web Application Firewall capabilities, inside IBM IPS products, complement IBM Security's portfolio of web application security...

My Other Ride is Your Image Upload Script

Many security issues are based upon mistaken assumptions. For instance, when testing applications, I often find that the user inputs left unsanitized are the ones that the developer does not believe can be modified, such as inputs from drop-down menus....

CSS and XSS in Melodious Harmony

Web application penetration testers, have you ever run into a situation where you can inject into the attribute of a tag and break out of the attribute, but not the tag? For those who can only <script>alert('XSS')</script> this is a...

SpiderLabs Radio Updated - Hack It! Edition for February 2011

A new SpiderLabs Radio - Hack It! Edition podcast has been uploaded. iTunes - Subscribe and download it from http://itunes.apple.com/us/podcast/id300567984 Hack It! Edition 02/11 This month, an Electro and Progressive Live Mix by SpiderLabs' Zack Fasel Track Listing: Feed Me...

thicknet: Griefing Boss Hogg

Most things I do seem really awesome at the time. Like the time I was at the Italian restaurant with my wife, and I made her a heart out of spaghetti. Or that time that I jumped onto the Chicago...

NASDAQ News Renews Focus (sort of)

Reactive security is a common theme within many organizations, and the reaction is usually not swift. Anticipating threats via news reports is a dangerous game.

Trustwave's Global Security Report 2011 - Now Available

Today we released Trustwave's Global Security Report 2011 (short registration required). This marks the 4th year that we have published compromise trends and the 2nd year we have included an expanded data-set that also covers insights from both our penetration...

Trustwave's Global Security Report 2011: Web Application Risks

Yesterday, we released Trustwave's Global Security Report 2011 (short registration required). This report encompasses data gathered by the SpiderLabs Team during 220 forensic investigations and over 2,300 manual penetration tests. Notice the word "manual" was highlighted, right? That means that...

SpiderLabs at Black Hat DC 2011

Next week, there will be several members of the SpiderLabs team at Black Hat DC. We'll be presenting talks during three different sessions. Each of these talks is on a very relevant and interesting offensive security topic, so be sure not...