Jarlsberg – Vulnerable Web Application At Google Code

Posted by rajivvishwa On May - 18 - 2010

Jarlsberg is a deliberately vulnerable web application that can be used to learn and understand web vulnerabilities. Detailed documentation is provided on the types of vulnerabilities present in the application and the ways to exploit them.

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:

  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

Documentation Here

Jarlsberg - Hosted Vulnerable App


HTML5 CheatSheet Project

Posted by rajivvishwa On May - 14 - 2010

HTML5 is a new and upcoming technology with enough new features to introduce security issues if they are not implemented properly. A new project has been started on Google Code to keep developers updated on the security concerns to keep in mind while building their apps with HTML5.

Description of the project in the author's own terms:

This project is an attempt to create a well maintained, informative and categorized cheat sheet to highlight HTML5 as well as other client side and related security issues and ways to avoid them. The project is meant to target web developers as well as security researchers and especially browser vendors since many of the problems we found are based on faulty or quirky implementations. Focus is on completeness, comprehensibility and timeliness as well as continuity – benefits many other related cheat sheets don’t exactly provide.


Add Syntax Highlighting to SharePoint Sites

Posted by rajivvishwa On April - 9 - 2010

This post details the steps to add a syntax highlighting feature to any SharePoint site where you have access to upload files to the server. This can help people who embed code snippets in a SharePoint site and share them with their team.

Syntax Highlight Screenshot


Step 1

Download and extract the SyntaxHighlighter scripts to your PC (check the download link at the bottom of the post). Now access the SharePoint site and create the folder structure shown in the screenshot below: a ‘syntax’ folder inside ‘Shared Documents’, with ‘scripts’, ‘src’ and ‘styles’ folders inside it. Then upload the syntax highlighter files into the appropriate folders.

Upload Scripts Folder Structure



HTML Purifier – Malicious Input Filtering (XSS Protection)

Posted by rajivvishwa On January - 27 - 2010

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier removes all malicious code (including XSS payloads) using a thoroughly audited, secure yet permissive whitelist of allowed elements and attributes.

HTML Comparison Chart


Quick Install

<?php
    // Load the library; adjust the path to your installation.
    require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php';

    // $dirty_html holds the untrusted HTML to be filtered (e.g. user input).
    $dirty_html = $_POST['comment'];

    // Purify with the default whitelist; only safe markup is kept.
    $purifier = new HTMLPurifier();
    $clean_html = $purifier->purify($dirty_html);
?>

View Before-After XSS Filtering

View Demo: HTML Purifier

Download HTML Purifier : Download (More Info at: http://htmlpurifier.org/)
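The quick install above relies on HTML Purifier's default whitelist. In practice you usually want to state explicitly which elements, attributes and URI schemes user content may contain, so that the allowed surface is visible in your own code. The following is an added example (not from the post or from the HTML Purifier project) of configuring such a whitelist; the library path and the function name purifyComment are assumptions, and the sample input is constructed.

```php
<?php
// Added example, not from the post or the HTML Purifier project.
// Assumed library path; adjust to your installation.
require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php';

function purifyComment(string $dirtyHtml): string
{
    $config = HTMLPurifier_Config::createDefault();

    // Explicit whitelist: only these elements and attributes survive,
    // everything else (script, event handlers, style, iframes...) is dropped.
    $config->set('HTML.Allowed', 'p,br,b,i,em,strong,a[href],code,pre');

    // Only http and https links are kept; javascript: and data: hrefs are removed.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);

    // Mark user-supplied links rel="nofollow" so the filtered content
    // cannot be used for link spam.
    $config->set('HTML.Nofollow', true);

    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirtyHtml);
}

// Constructed sample input with typical XSS payloads:
// an inline event handler, a javascript: link and a script element.
$dirty = '<p onmouseover="alert(1)">Hello <a href="javascript:alert(1)">click</a>'
       . '<script>alert(document.cookie)</script></p>';

echo purifyComment($dirty), PHP_EOL;
```

Run it from the command line with `php example.php` after adjusting the require_once path. The handler attribute, the javascript: URL and the script element are all stripped, while the paragraph text and the link element remain. Keeping the whitelist in one function also gives you a single place to review when the markup policy changes.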


Share and Collaborate Text or Code With Your Friends

Posted by rajivvishwa On March - 31 - 2009

FriendPaste is a web application that lets you share, edit and collaborate on your code with your peers in an easy and intuitive way. The application accepts the code and displays it in a friendly, syntax-highlighted format to whoever requests it. The display can be completely customized, and the code can then be shared with anyone by sending the unique URL that identifies it… It is that simple…

Syntax Highlight

AppKeys – Suite of Simple Utilities With AHK

Posted by rajivvishwa On February - 23 - 2009

AppKeys is a suite of applications built with the AHK (AutoHotkey) scripting language; each is invoked by a keyboard shortcut. The shortcuts can be modified by editing the ahk scripts. The running ahk file consumes very little memory and executes each command almost instantaneously. This suite replaces the dozens of applications that would otherwise need to be installed to perform the same operations.


Alert For Missing Subject And Attachment in Outlook

Posted by rajivvishwa On January - 12 - 2009

The subject line of a mail is the key to identifying and retrieving the required mails from the mail archives. So we have to be careful never to leave it out, but unfortunately we do so by accident. Another common mistake is to forget the attachments mentioned in the mail.

Outlook Subject Alert Screenshot


Cross-site request forgery Demo

Posted by rajivvishwa On December - 31 - 2008

XSRF is an attack in which a malicious request is sent from one site the user is visiting to trigger unwanted operations on another site where the user is already authenticated. The trust between the user and that website is abused: the target site cannot tell the forged request from one the user intended to make.

