Exploit-Me Firefox XSS And SQL Scanning Addon

One of the best tools we saw at LayerOne was the Exploit-Me series presented by [Dan Sinclair]. Security Compass created these tools to help developers easily identify cross site scripting (XSS) and SQL injection vulnerabilities.


Speed Testing The Latest Web Browsers


With the imminent release of Firefox 3 and Opera 9.5 being finalized this week, Lifehacker decided it was a good time to run the browsers head to head to see which was the fastest and least resource intensive. The testing system was a 2GHz 2GB Vista machine. The timing system used wasn’t directly hooked to the browser, so tests were repeated multiple times to improve accuracy. The cold start winner was Opera, but most browsers opened in about a second if they had been run recently. Safari did well loading content in multiple tabs at the same time, probably due to its short render times for JavaScript and CSS. The final test was memory usage; we’re sure many people will be happy to know that Firefox 3 RC3 only used 66% of the RAM required by the other three browsers.

Using Multiple Browsers For Security


[Rich] over at Securosis takes us through some of his browser paranoia exercises. He uses different browser profiles for different types of web activities. Based on potential risk, various tasks are separated to protect against CSRF attacks and more. Everyday browsing with low-risk passwords is done in one. RSS reading with no passwords is done in another. He runs his personal blog in a browser dedicated just to that.

For high-risk research, he uses virtual machines to further minimize the chance of any nasty code getting through. Very high-risk sites are browsed through a non-persistent, read-only Linux virtual machine. While these techniques are less effective if the entire OS is compromised, they still provide a few additional layers of security.
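Scripting the profile separation described above, as an added example that is not from this post or from Securosis: a small POSIX shell dispatcher that assigns a URL to a risk tier and opens it in that tier's own Firefox profile as a separate instance. The tier names, the example hosts and the PROFILE_BASE location are assumptions made for this example.

```shell
#!/bin/sh
# Added example: one Firefox profile per risk tier, each started as its own
# instance, so cookies and sessions from one tier are never sent from another.
# Assumed: firefox is on PATH; PROFILE_BASE is a location chosen for this
# example, not a Firefox default.
PROFILE_BASE="${PROFILE_BASE:-$HOME/.browser-tiers}"

# profile_dir TIER -> path of the profile directory for that tier
profile_dir() {
    printf '%s/%s\n' "$PROFILE_BASE" "$1"
}

# tier_for_url URL -> choose a tier by host; the host list is constructed
# for this example, replace it with your own sites
tier_for_url() {
    case "$1" in
        https://bank.example/*|https://mail.example/*) echo "banking" ;;
        https://blog.example/*)                         echo "blog" ;;
        https://feeds.example/*)                        echo "rss" ;;
        *)                                              echo "everyday" ;;
    esac
}

# launch_cmd URL -> print the command that opens URL in its tier's profile.
# -no-remote stops the URL from being handed to an already running Firefox,
# which would otherwise open it inside that instance's profile and cookie jar.
launch_cmd() {
    tier=$(tier_for_url "$1")
    printf 'firefox -no-remote -profile %s %s\n' "$(profile_dir "$tier")" "$1"
}

# open_in_tier URL -> create the profile directory on first use, then launch
open_in_tier() {
    tier=$(tier_for_url "$1")
    dir=$(profile_dir "$tier")
    mkdir -p "$dir"
    firefox -no-remote -profile "$dir" "$1" &
}
```

Every tier runs from its own directory, so a page in the everyday profile has no session cookie for the banking profile to ride on.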

Fellow browser paranoia sufferers may want to consider Firefox plug-ins like NoScript and memory protection from Diehard.