Monday, December 5, 2011

Vulnerable Virtual Machines

Setting up vulnerable virtual machines is one of the easiest ways to test exploitation techniques. These VMs come in a variety of formats, but seem to be distributed mainly as either an ISO or a directory you can place on a web server.

g0tmi1k has a great listing of vulnerable VMs with a link to each. It's worth checking out!

You can find the list here: http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html

Friday, August 5, 2011

Cross Site Scripting (XSS) Attacks and Why We Should Care

Web applications are always becoming more and more complex. For many, trying to constantly push out new features as quickly as possible is causing security to be put on the back burner of the development process. This could occur for a number of reasons, including small development budgets, tight deadlines, and general unawareness of best security practices, to name a few.

Not taking security seriously when developing software leads to vulnerabilities which put not only the organization's systems, but also potentially its reputation and customers' personal data at risk. This is largely the case when it comes to web-application vulnerabilities. There are many types of these vulnerabilities, but, for the sake of this article, we will cover a particular type of input validation vulnerability called Cross-Site Scripting (XSS).

Tuesday, August 2, 2011

Introduction

This blog is designed to be the homepage for the [as of now, unofficial] Texas Tech RaiderSec organization. The purpose of this organization is to invite anyone who wants to learn more about the security threats that plague our lives not only physically (locks and other physical security systems) but, increasingly, virtually as well.

Through organizational meetings, we hope that everyone can learn something about security and apply it to their lives. There will be hands-on demonstrations of real-world threats, as well as tips on mitigating these specific threats and improving one's security awareness in general. These demonstrations will include both online and physical security threats, analyzing how they work and how to protect against them.