Webantix

What is upSploit?

upSploit is a free service to the IT security industry to enable vulnerability and exploit advisories to be distributed between the founder, vendor and other security professionals easily. This Vulnerability Advisory Gateway (VAG) should break down the barriers for security researchers and professionals to pass details of vulnerabilities to vendors in a structured easy to follow process. (continue reading…)

I have seen on my Xmarks mobile website that I have bookmarked on my home screen on my iPhone does not have the usual screen shot logo. Instead it has a Xmarks logo in place which makes it look more like an app than a website. I thought this is pretty cool and know that my own site has a mobile version so I thought it would be a good addition to my site.

So it just takes the usual favicon right?? Well that’s what I first thought but sadly, no.

(continue reading…)

After a few months of hard work and a large number of emails between Ryan Dewhurst(@ethicalhack3r) and myself we have managed to create a LiveCD distribution of Damn Vulnerable Web App.
(continue reading…)

After running a number of tests on my own server I kept on seeing that by default Apache leaks a lot of information. Maybe not the most extreme threat, but still giving a little to much away for my liking.

The three main leaks are

• Apache version on errors

 (Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 Server at 10.0.0.1 Port 80)

• Apache advertising itself in the headers

 (Server - Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.12 OpenSSL/0.9.8e-fips-rhel5)

• PHP advertsining itself in the headers

 (X-Powered-By - PHP/5.2.6-2ubuntu4.6)

Below is how to turn these settings off to keep your footprint to a minimum.

(continue reading…)