Security at Stake

Hakin9 Paper: Hacking RSS Feeds - Insecurities in Implementing RSS Feeds

This paper sheds light on the insecure coding practices that affect RSS-based web applications and also on their flexibility. The advent of Web 2.0 has enhanced the mobility of content. The inclusion of content has become the sole basis for the inter-working of websites.

RSS feeds are used extensively and serve as an interdependent working platform. But during penetration testing sessions, PHP-based RSS applications show vulnerable behavior due to insecure coding, and as a result web application robustness is affected. This layout is versatile from a security point of view as well as from the working structure of applications. This paper discusses the infection vectors that occur due to insecure coding by developers and includes other related security issues. It provides a detailed analysis of the errors and efficient measures to correct them, while keeping the original security concerns in mind.

You can have a look: Hakin9 / 4th Issue / 2008

Regards
0kn0ck

Posted on 6/30/2008 07:29:00 AM by 0kn0ck | 0 Comments

Leading Security Team at Evil Fingers Community

EvilFingers aims at uniting different pieces of information into one unanimous framework, where everything is mapped to everything else. This approach helps analysts, engineers, consultants and the management to understand the meaningful relationships between different parts of Information Security that could be lost if it remains untouched. Security has been there for several thousand years and yet when humans try deploying the same in different forms, there are several possibilities of misinterpretations that make it even harder to attain complete security. Our mission that we have chosen is to bring in as many resources as possible into one single roof to help this community.

Having said what our mission is, our approach is to successfully make our moves that take us closer towards our mission. Most of our projects are based on the data that has been collected by the others. Creating new projects on existing stuff or recycling the wheel is not the EvilFingers approach. What we aim at doing is to map the existing data that is out there in the free world, by using the meaningful mapping vectors and thereby finding out the missing pieces of the puzzle. Once the missing pieces are found, Voilà! We are done with our purpose. The work beyond our mission is to envision a future without any missing pieces and to set our goals to fill them up with our newer projects.

EVIL FINGERS

I will be leading one of the teams for security projects. You can check this here:

Members at Evil Fingers.

Regards
0kn0ck

Posted on 6/23/2008 07:02:00 AM by 0kn0ck | 0 Comments

Traversing Dismantled Codes - Tactical Testing / Facebook Case Study

With the ever-increasing demand for technology in the service industry, the service lines are getting messed up. There is a lot of unmanaged stuff out there on the web. Developers do not check most of the code in websites but continuously add related modules with the passage of time. So the website becomes a pool of messed-up web pages. There can be broken links or dismantled code. As a result, some code structures work fine with most web pages and vice versa. A kind of insecurity persists in this.

Download the case study: Facebook Case Study

Regards
0kn0ck

Posted on 6/18/2008 12:50:00 PM by 0kn0ck | 0 Comments

EuSecWest Speakers Snapshot at Flickr

The EuSecWest 2008 speaker snapshots have been released on Flickr. You can see the pics directly from there.

Link: EuSecWest 2008 Speaker Pics

Enjoy, Regards
0kn0ck

Posted on 6/10/2008 11:48:00 AM by 0kn0ck | 0 Comments