Surviving the Week 07/06/2012

Huge SQL injection knowledge base

NTObjectives released a SQL injection cheat sheet, available at http://www.ntobjectives.com/go/sql-injection-cheat-sheet/. A more comprehensive SQL injection knowledge base can be found at http://websec.ca/kb/sql_injection

Hidden bugs that made Amazon Web Service outage worse

Amazon Web Services on the east coast was down due to an electrical storm. Along with the power outage, Amazon discovered unforeseen bugs in their services code which prolonged the outage. Amazon acknowledged that they had never come across such a bug before. – http://packetstormsecurity.org/news/view/21192/Hidden-Bugs-That-Made-Amazon-Web-Service-Outage-Worse.html

Three critical fixes planned for July’s Patch Tuesday – Critical

Microsoft is planning to release nine bulletins in Tuesday's July security update. The release includes patches for Windows XP, Vista, Windows 7 and Windows 2008. This patch set addresses critical flaws that could allow remote code execution across the entire family of products, which makes them a very interesting vector for worm development. Start preparing to patch your Windows networks – http://packetstormsecurity.org/news/view/21204/Three-Critical-Fixes-Planned-For-Patch-Tuesday.html

WordPress closes XSS, XSRF and information disclosure bugs

If you run a WordPress site, consider updating to the latest version, 3.4.1. Prior versions, such as 3.4.0, can allow a remote authenticated user to perform questionable activity such as installing code to steal other users' authentication cookies.

http://www.securitytracker.com/id/1027219


About Dan Kuykendall

Dan Kuykendall is the CTO and Co-CEO at NT OBJECTives. Dan is a founder of NT OBJECTives and has been with the company for more than 10 years. He is responsible for the strategic direction and development of products and services and works closely with technology partners to make sure integrations are both deep and valuable. As a result of Dan's dedication to security, technology innovation and software development, NTO application security scanning software is often recognized as the most accurate because of its sophisticated automation techniques. Dan joined NT OBJECTives from Foundstone, where he was responsible for the portal interface to the company's flagship product, FoundScan. Prior to Foundstone, Dan was the founder of the Information Security team in the United States branches of Fortis. Dan is a regular blogger on web application security issues on ManVsWebApp.com and co-hosts An Information Security Place Podcast. He has presented on the topics of mobile and application security at many of the top security industry conferences such as ISSA (2011), B-Sides (2012-2013), OWASP AppSecUSA (2012), HouSecCon (2010-2012), ToorCon (2013) and THOTCON (2013). Dan has been involved with the Web Application Security Consortium and is a regular contributor to many open source development projects, including founding the RPM Builder, phpGroupWare and podPress projects.
