Gnucitizen has started a new project called Secapps, which will host all of their online web tools. It seems to be a nice idea. As of now, they have hosted two tools: GHDB and CSRF. Both seem to be nice tools, especially the GHDB tool, which includes a huge database of Google dorks from Johnny.ihackstuff.com.
The project is still in its beta version but looks promising.
Four leading websites were or are vulnerable to Cross Site Request Forgery (CSRF) attacks, according to Princeton University researchers. While ING Direct, YouTube and Metafilter have taken action to address the CSRF vulnerabilities, the fourth site, belonging to The New York Times, has not been fixed!
CSRF flaws can be exploited so that a user’s browser is hijacked during a session and used to access a secure target site. Because web authentication normally relies on cookies containing a pseudo-random session identifier, assigned to a browser at the beginning of a session, a hacker can perform actions normally restricted to the user if that browser is hijacked during the session.
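The cookie-only weakness described above, next to a session-bound token check that closes it, as an added example that is not from the original post or the Princeton research. The handler names, the in-memory session store and the form fields are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed)
SESSIONS = {}                          # session id -> user name


def login(user):
    """Create the pseudo-random session id that the browser stores as a cookie."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = user
    return sid


def csrf_token(sid):
    """Token bound to the session; embedded only in the site's own forms."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def handle_cookie_only(cookies, form):
    """Weak: the session cookie alone authorises the state-changing action."""
    user = SESSIONS.get(cookies.get("session"))
    return f"transfer by {user}" if user else "401"


def handle_with_token(cookies, form):
    """Hardened: also require a token that a page on another origin cannot read."""
    sid = cookies.get("session")
    user = SESSIONS.get(sid)
    if not user:
        return "401"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(supplied, csrf_token(sid)):
        return "403"
    return f"transfer by {user}"


def demo():
    sid = login("alice")
    cookies = {"session": sid}   # the browser attaches this to every request
    cross_site = {"amount": "100"}   # form posted from another origin: no token
    genuine = {"amount": "100", "csrf_token": csrf_token(sid)}
    return (
        handle_cookie_only(cookies, cross_site),
        handle_with_token(cookies, cross_site),
        handle_with_token(cookies, genuine),
    )
```

The cookie-only handler accepts the cross-site request because the browser supplies the session cookie automatically; the hardened handler rejects it with 403 and still serves the site's own form.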