Friday, May 25, 2012

Gamja Vulnerability Tool Cross Site Scripting XSS

XSS (Cross Site Scripting) is the #2 attack on the OWASP top 10.

Gamja is a platform-independent XSS (Cross Site Scripting) and SQL injection scanner written in Perl.

Gamja finds XSS (Cross Site Scripting) and SQL injection weak points, as well as URL parameter validation errors.

Like many other open source tools, Gamja is no longer updated by its author, but it is still a good choice because it is free and is based on Perl scripting, so it is not limited to a particular operating system. Whether you are using a Unix-like system such as Linux or BSD or a Windows-based system, you can run Gamja, because all it needs is Perl.

You can download Gamja from http://sourceforge.net/projects/gamja/

After you have downloaded and extracted Gamja it is very simple to use.

Open a terminal and cd to the directory where you extracted Gamja.

Type gamja.pl and you will get some help on how to use Gamja.

To run a simple vulnerability scan, type gamja.pl http://sitetocheck.com in the terminal. This creates an HTML report file in the same directory, which lists the vulnerabilities found.

OWASP has started a monthly security blitz where we will rally the security community around a particular topic. The topic may be a vulnerability, defensive design approach, technology or even a methodology. All members of the security community are encouraged to write blog posts, articles, patches to tools, videos, etc. in the spirit of the current monthly topic. Our goal is to show a variety of perspectives on the topic from builders, breakers and defenders.

CEH Exam Prep Clinic for Free

Live Online CEH Exam Prep Clinic for Free

If you are studying for the EC-Council Certified Ethical Hacker (CEH) exam, get ready to boost your studies. The LinkedIn Information Security Community, sponsored by the University of Fairfax, is promoting a Certified Ethical Hacking (CEH) online clinic that you can take part in entirely free, at no charge. This is an Exam Preparation Clinic taught by a leading CEH instructor, and it is divided into two parts.

You can register for this clinic for free at the following URLs:

Session 1: June 20, 2012 1:00-2:30pm ET
URL: http://www.brighttalk.com/webcast/5418/47637

Session 2: June 27, 2012 1:00-2:30pm ET
URL: http://www.brighttalk.com/webcast/5418/47639

The two valuable 1.5-hour sessions include a review of the six tasks and seven CEH knowledge domains covered in the exam, as well as a review of the sample exam questions.

If you've been studying for the CEH exam, you'll want to attend both sessions of the CEH Exam Prep Clinic sponsored by University of Fairfax and the Information Security Community. You'll learn strategies to increase your chances of success so you can pass the CEH Exam in 2012!

This CEH clinic is also available on demand following each session*. There is no charge for you to attend! Register now to prepare for your CEH Exam.


Hacker Malware May Affect Hundreds Of Thousands Of Internet Users In July

Unbeknownst to most, hundreds of thousands of people could lose access to the internet this summer.

According to an article in the Daily Mail, the FBI has warned that internet users worldwide may lose access to the web in July after a massive advertising scam run by hackers took control of a network of more than 570,000 computers. After July 9, infected users won't be able to connect to the Internet.

The FBI is encouraging computer users to visit www.dcwg.org, a website run by its security partner that contains information to see if your computer is infected. The website also offers a guide on how to fix the problem.

In November last year the FBI began to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

Tom Grasso, an FBI supervisory special agent, said: "We started to realize that we might have a little bit of a problem on our hands because … if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service."

On the night of the arrests, officials brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using.

The malware turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system. The scam netted the hackers at least $14 million according to the FBI.

"The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken."

Most victims don't know that their computers have been infected by the DNS Malware.

Wiredwizrd

Morgan Todd Lewistown, PA

Experienced Information Technology Manager with a strong knowledge of technical guidance, IT best practices, security protocols, team leadership, and analyzing business requirements.