Archive for June, 2012

SQL Injection through HTTP Headers

Wednesday, June 20th, 2012

During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaws discovery are restricted to the GET and POST variables as the unique inputs vectors ever. What about other HTTP header parameters? Aren’t they potential input vectors for SQL injection attacks? How can one test all these HTTP parameters and which vulnerability scanners to use in order to avoid leaving vulnerabilities undiscovered in parts of the application?

 

http://resources.infosecinstitute.com/sql-injection-http-headers/

Setting up a pentest lab..

Sunday, June 3rd, 2012

 

Metasploit has a nice little tutorial on creating a lab at home :).

http://www.metasploit.com/learn-more/how-do-i-use-it/test-lab.jsp

Where have I been?

Sunday, June 3rd, 2012

that is a great question..

I have been pretty busy with going to SANS, oh ya and being pregnant.  Yep.  I am now 13 weeks pregnant with twins.  So if i start making fewer posts please don’t beat me up.