Security
upSploit – Vulnerability Advisory Gateway
by Webantix on Jul.01, 2010, under Hacking, Project, Security
What is upSploit?
upSploit is a free service to the IT security industry to enable vulnerability and exploit advisories to be distributed between the founder, vendor and other security professionals easily. This Vulnerability Advisory Gateway (VAG) should break down the barriers for security researchers and professionals to pass details of vulnerabilities to vendors in a structured, easy-to-follow process. (continue reading…)
DVWA becomes its own Distro
by Webantix on Mar.26, 2010, under Hacking, Linux, Security
After a few months of hard work and a large number of emails between Ryan Dewhurst (@ethicalhack3r) and myself, we have managed to create a LiveCD distribution of Damn Vulnerable Web App.
(continue reading…)
Hiding Apache and PHP version numbers
by Webantix on Mar.19, 2010, under Apache, Linux, Security
After running a number of tests on my own server I kept on seeing that by default Apache leaks a lot of information. Maybe not the most extreme threat, but still giving a little too much away for my liking.
The three main leaks are:
- Apache version on errors
(Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 Server at 10.0.0.1 Port 80)
- Apache advertising itself in the headers
(Server - Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.12 OpenSSL/0.9.8e-fips-rhel5)
- PHP advertising itself in the headers
(X-Powered-By - PHP/5.2.6-2ubuntu4.6)
Below is how to turn these settings off to keep your footprint to a minimum.
(continue reading…)
Blue Coat Transparent Single Sign-On Authentication
by Webantix on Sep.24, 2009, under Blue Coat, Security
During an install at a customer's site, the customer requested that his Blue Coat SG proxy gateway was put in Transparent mode. I was happy to do this as it is quite simple to set up. Once it was up and running he decided that the users should be authenticated. This is where the problems started.



