IIS Level SQL Injection Prevention

  • Posted on: 3 September 2015
  • By: siteadm

It has been a long time since my last post; I have been really busy these days. But I hope this nice post will compensate for the days I didn't post anything. This post has a back story, but again, I cannot go into detail and cannot name any particular application or company. So I won't be disclosing any information regarding the case, but I will do my best to explain the situation.

Tiny Malware PoC: Malware Without IAT, DATA OR Resource Section

  • Posted on: 13 August 2014
  • By: siteadm

Have you ever wondered about having an EXE without any entry in the IAT (Import Address Table) at all? Well, I knew that it was possible, but I had never seen an actual EXE file without an IAT entry. So I developed an application which is 1,536 bytes and still does basic annoying malware things. To summarize, this tiny app:

- Enumerates the following APIs:


Basic Secure Web Application Programming Practices

  • Posted on: 6 August 2014
  • By: siteadm

When you learn that a company web server was compromised because of a small programming mistake in PHP, and that it was possible to stop the attack by calling a function, you will want to learn more about all those "function calls".
Basically, in this post, I'll talk about possible attacks on web applications and how to stop them.

Startup Companies and Web Security

  • Posted on: 4 August 2014
  • By: siteadm

When you talk to enterprise companies with several years of experience, they possibly know very well how important web security is. Even if they haven't experienced any security breach, at least they have heard about other companies experiencing data leaks and security breaches. So I'm not talking to them in this post; they should have already learnt the importance of IT security.

But when it comes to startup companies, they don't even know about IT security. A lot of them don't care about it and never take it seriously; you would hear responses like: