PUBLIC MARKS from "Xavier Lacot" with tag security

Ettercap is a comprehensive suite for leading man in the middle attacks.

jsOAuth is a Javascript implimentation of the OAuth protocol which can be used in CommonJS envireonments.

A very good talk by Sam Jarrett about the Symfony2 security layer

Bouncer is a real time statistics and security engine written in PHP5. It analyses the browser or bot version, and detects eventual bad behaviors in order to prevent spam.

A fully automated, active web application security reconnaissance tool. It creates a html reports which might prove useful for detecting security flaws or conception problems.

PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from Hard Disks and CDRom and lost pictures (thus, its 'Photo Recovery' name) from digital camera memory. PhotoRec ignores the filesystem and goes after the underlying data, so it will still work even if your media's filesystem has been severely damaged or re-formatted

Un article très intéressant de devloop, au sujet du contournement de l'encryptage des disques sous Linux. Comme d'habitude, toujours aussi brillant !

Securing plain text passwords in MySQL is NEVER a good idea. As a DBA you should take great care in protecting the users' information. Fortunately MySQL provides you with several options to protect passwords.

The Hardened-PHP Project has the goal to help you with securing your applications and webpages.

The idea behind PHPSecInfo is to provide an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.