THP Wisec USH DigitalBullets TheHackersPlace network
The WIse SECurity
.italian
.english
Wisec Home SecSearch Projects Papers Security Thoughts
 
News
Flash Application Testing: A New Vector for XSS and Cross Site Flashing.
IE and Firefox Digest Authentication Request Splitting.
Php import_req_var globals overwrite Advisory.
Subverting Ajax - The Paper.
Adobe Plugin Multiple Vulnerabilities.
Wisec@23rd.CCC Congress in Berlin - 29th Dec. 2006 - Subverting Ajax.
SecSearch. Search Engine for Security Community.
Mysql COM_TABLE_DUMP Flaws.
Mysql Anonymous login Flaw.
A new project to stop embed passwords in Php scripts: PassBroker.
MySQL new three vulnerabilities unleashed
PHP shmop safemode bypass
PHP RFC1867 Vuln - POC Released!
Search on Wisec
Google

Wisec Projects

Mod Anti Tamper for Apache 2

AntiTamper is an Apache 2.x module that could be used to prevent some sort of url and cookie tampering.
Specifically, AT could stop a lot of those malicious bots that take advantage from search engines.
Moreover, attack techniques like Http Response Splitting and session hijacking/fixation will be mitigated.
For a quick and dirty start go to examples/README.
Is important to notice that mod_anti_tamper is not an alternative to mod_security, which is more exaustive and useful for all web situations.
AT could be a complement to mod_security.


Go to Mod Anti Tamper Page.

PassBroker for Php

If you have ever asked yourself:
"How could I hide username and passwords in order to prevent unauthorized users from steal them?"
Then you are the right guy in the right place, and i suggest you to install PassBroker on your own website.

PassBroker is a PHP extension, written in c which dispatch informations you don't want to directly embed inside a PHP script. PassBroker will give the script only the secrets it needs according to a user defined ruleset.

Go to PassBroker Page.

HMAuth

When there is the need to authenticate users from a web page, passwords
are often sent on a insecure channel, this could lead to have our own
passwords sniffed (read CMS & Co.).
This is a way to avoid the passage of passwords from a user login html form
on an insecure channel.
An easy way to improve your users' security for ready-to-use (or not) CMSs.

Go to HMAuth Page.

Wisec is brought to you by...

Wisec is written and mantained by Stefano Di Paola.

Wisec uses open standards, including XHTML, CSS2, and XML-RPC.

All Rights Reserved 2004
All hosted messages and metadata are owned by their respective authors.