The web application hackers training tool kit

17th January 2007

Windows 2000 or higher

£67.00 (inc VAT)

1 x eBook
3 x DVDs

Abstract:

This trianing product is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots, videos and code extracts. The product is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This training tool describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.

The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Blak Hat security conferences throughout the world.

Includes 3 DVD videos

Buy now:

*Temporarily out of stock

Windows Permission Identifier v1.0 [ZIP 392 KB]

17th January 2006

Windows 2000 or higher

Nathan House

This tool enables administrators and penetration testers to review and audit the permissions of users on a windows machine.

Windows Permission Identifier can check; File ACLs, Folder ACLs, Registry ACLs, Services Permissions, Shares, Installation rights, Internet Access and so on.

The GUI enables the administrator to create policies against which the tests are performed. This enables administrators to run checks against existing organizational windows security baseline documents. Policies can be saved in XML format and all results can be exported for further use.

Firewall Test Agent v1.1[ZIP 774 KB]

23rd June 2005

Windows 2000 or higher

Nathan House

This simple tool can be used to test and log the rules on a firewall. The Firewall Test Agent is able to open up any number of TCP and UDP ports on a windows machine and log any connection attempt. A port scanner or other such tool can then be used to scan through the firewall to find which ports have been allowed through in the firewall rule base. This tool is useful when you don't have access to the firewall rules.

This tool could also be used to monitor port scan attempts which are usually a precursor to an intrusion attempt.

IP 2 IP Chat v1.0 [ZIP 358K]

4th May 2005

Windows 2000 or higher (Probably!)

Nathan House

Very basic IP to IP chat tool. Taken from Borland C++Builder library. I created this when on site with another security consultant and we needed to communicate but couldn't use Internet based messengers due to proxy configuration. Listens on TCP port 1024.