SecurityRatty: tag: scripts

Matt Asay again shows that he doesn't know much about open source security

2008-05-15 22:43:17 by HASH0x8b563c4 in StillSecure, After All These Years

...scripts which run in Nessus, which are likewise no longer and some say never were open sourced. I know Ron Gula pretty well and understand perfectly why Nessus is no longer under a GPL license for a few years now. I also understand the economics and reasons why they would charge for their NASL feed. I think it is good business and more power...

Tags: matt, matt asay, matt sticks, matt talks, comments matt leaves, source, reason matt, scripts, word scripts

Enabling hierarchical nant builds

2008-03-07 05:49:00 by Keith Brown in Security Briefs

...scripts are run with tasks, and they see those properties. But if I want to drill down into the tree and run one of the build scripts lower down, suddenly there's problems because it depends on properties that are only defined in the root script. I really like being able to run builds from anywhere in the tree for perf - if I'm trying to fix...

Tags: nant, root script defines, script, root, task, simple nant task, root nant project, return path, return

Enabling hierarchical nant builds

2008-03-07 12:49:00 by keith-brown in Security Briefs

...scripts are run with tasks, and they see those properties. But if I want to drill down into the tree and run one of the build scripts lower down, suddenly there's problems because it depends on properties that are only defined in the root script. I really like being able to run builds from anywhere in the tree for perf - if I'm trying to fix...

Tags: nant, root script defines, script, root, task, simple nant task, root nant project, return path, return

Enabling hierarchical nant builds

2008-03-07 12:49:00 by keith-brown in Security Briefs

...scripts are run with tasks, and they see those properties. But if I want to drill down into the tree and run one of the build scripts lower down, suddenly there's problems because it depends on properties that are only defined in the root script. I really like being able to run builds from anywhere in the tree for perf - if I'm trying to fix...

Tags: nant, root script defines, script, root, task, simple nant task, root nant project, return path, return

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog

...scripts to perform unauthorized actions in the context of the victim's web session. Any web application that serves documents that include data from untrusted sources could be vulnerable to XSS if the untrusted data is not appropriately sanitized. A web application that is vulnerable to XSS can be exploited in two major ways Stored XSS -...

Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check

The Zeus Crimeware Kit Vulnerable to Remotely Exploitable Flaw

2008-06-18 17:45:15 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...scripts (web shells and backdoors) from the directory in which it stores the stolen data. Ironically, "Zeus users are advised to take care of their directory permissions, and forbid the execution of scripts from the folder holding all the encrypted stolen information The implications of this flaw are huge, since, what used to be the practice...

Tags: zeus, russian business network, crimeware kit, zeus users, vulnerability, vulnerability research, kit, security community, security community starts

Cross-site scripting CAN be used to hack a server

2008-08-05 22:06:00 by Russ McRee in HolisticInfoSec.org

...scripts. It's only a text file, after all. Assuming we set our email address to onmouseover="alert(1337 When the friendly system administrator tries to reset our email address (because we forgot our password, obviously), he will receive an alert box in his browser But an alert box doesn't really demonstrate anything. Fortunately the WHM (Web...

Tags: server, server hack, hack, manager, file manager tool, file, root password, email, cpanel user

Planning for Failure

2007-12-02 11:27:00 by Keith Brown in Security Briefs

...scripts in place that will reinstall your web applications as soon as the sysadmin plugs in a new box with a fresh, blank, patched OS I happen to be using PowerShell to build some of this out for Pluralsight, and hey, like most of us, I'm still learning it

Tags: security feature, disaster recovery plan, security, web applications, web server, sysadmin plugs, machine, scenario, hey

Setting file ACLs with PowerShell part 4

2007-11-29 09:34:00 by Keith Brown in Security Briefs

...scripts. But this feature also has a nifty side effect that Bruce describes in his book . You can use this to get a quick listing of enumeration values Security.AccessControl.FileSystemRights] "foo" Cannot convert value "foo" to type "System.Security.AccessControl.FileSystemRights" due to invalid enumeration values. Specify one of the...

Tags: values, invalid enumeration values, enumeration, enumeration values, new-object security, object, powershell, invalid cast exception, cast

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo