Protect Against XSS by Enabling HttpOnly for Linux Apache PHP
HttpOnly is a session cookie flag created to protect against cross-site scripting and theft of session cookies. For good security, this should be enabled for PHP running under Apache, especially for sites running WordPress, Drupal, Joomla, and other popular PHP-based web applications. OWASP has some information on HttpOnly. I’ll show you how to
Safari Browser – Not Safe
Current versions of Firefox, Chrome, and IE9 have built-in protection or filtering to prevent social engineering execution of XSS and JavaScript in the URL bar. (As of this writing, Firefox 12, Chrome 18.) The only major browser that currently does _not_ do so well for these protections is Safari. Safari 5.1.5 on OS X Lion
Vanguard Web App Scanner – Detect XSS and SQL Injection
Vanguard is a web app vulnerability scanner that checks your website for SQL injection and XSS. Vanguard is written entirely in Perl, so it is easy to modify for your needs. Vanguard works by first doing a port scan with nmap to determine if the host has available HTTP ports, next crawls the entire site, and
WPScan WordPress Vulnerability Scanner
WPScan is a nifty WordPress vulnerability scanner. It can do things such as scan for installed plugins and provide vulnerability information based on the results. It is part of BackTrack, which is handy as well! Here’s how wpscan looks checking scottlinux.com: root@bt:/pentest/web/wpscan# ruby wpscan.rb --url scottlinux.com --enumerate p