last tools

[howdy]

Hello, I'm a web developer and I come from the amiga golden years ...
I hope this is the right place how to know users and more info about last techniques used to retrieve user passwords over internet ( not lan ).
I want to know the application security weak point.

In these days I've try some keylogger but all are normal application where the user know to be watched.
Sometimes ago I've found a good website *******ista.com where discover major tecqniques used.

Thanks.

[Ezekiel]

Quote:

Originally Posted by howdy

Hello, I'm a web developer and I come from the amiga golden years ...
I hope this is the right place how to know users and more info about last techniques used to retrieve user passwords over internet ( not lan ).
I want to know the application security weak point.

In these days I've try some keylogger but all are normal application where the user know to be watched.
Sometimes ago I've found a good website *******ista.com where discover major tecqniques used.

Thanks.

That didn't make much sense... Are you talking about software exploits, web exploits or something totally different?

If you're a web developer, I'm sure you already know that it's impossible to just 'grab' passwords over the Internet. Likewise, it's impossible to just plant malicious software on computers without exploiting the computer's server programs; something that's impossible when they are behind a router most people are).

[nozf3r4tu]

Mike....... i guess he didn't look in the tools section.
All he had to do was download the magicaltool program

[howdy]

Hi, Yes I'm web developer and yes I know that, but a "friend" (I prefer say people I know) tell me about spyware ans custom software exploit capable to grab password or save the page sourcefile in server side application. I know asp vbscript classic, php and coldfusion (basic because the cf hosting prices is high more than others).
I'm look for documents or others way for know all last techniques, I don't think are the same of one year ago... fake email, fake pages, js injection.. firefox have a lot of extension, like show the hiden field.. and I think a changes in techniques used how to attack a website.
Where I live a tv show hosted a guy, around in 30 mins. this guy (with a spiderman mask) have defaced a website and opened the ms sql database of that website !
I think to know very basic techniques I'm impressed by spiderguy!

Thankyou and sorry for my bad english.

[Ezekiel]

Quote:

Originally Posted by howdy

Hi, Yes I'm web developer and yes I know that, but a "friend" (I prefer say people I know) tell me about spyware ans custom software exploit capable to grab password or save the page sourcefile in server side application. I know asp vbscript classic, php and coldfusion (basic because the cf hosting prices is high more than others).
I'm look for documents or others way for know all last techniques, I don't think are the same of one year ago... fake email, fake pages, js injection.. firefox have a lot of extension, like show the hiden field.. and I think a changes in techniques used how to attack a website.
Where I live a tv show hosted a guy, around in 30 mins. this guy (with a spiderman mask) have defaced a website and opened the ms sql database of that website !
I think to know very basic techniques I'm impressed by spiderguy!

Thankyou and sorry for my bad english.

If you want to learn how to exploit websites, you have to learn about server-side scripting languages and browser scripting languages.

If you want to learn how to exploit software, you learn both a higher-level language and assembly.

It's really as simple as that. There's no secret techniques to it.