Projects

Below is a list of projects to which Leviathan Security Group employees routinely contribute.

OWASP Encoding Project (Reform)

Web applications face any number of threats; one of them is cross-site scripting and related injection attacks. 90% of all web applications contain cross-site scripting vulnerabilities because they are easy to introduce, and the proper tools are not always available to prevent them. The Reform library provides a solid set of functions for encoding output for the most common context targets in web applications (e.g. HTML, XML, JavaScript). The library also takes a conservative view of which characters are allowable, based on historical vulnerabilities and current injection techniques.
http://www.owasp.org/index.php/Category:OWASP_Encoding_Project

OWASP .NET Web Service Validation

There was a great article on MSDN a while back (years at this point) that showed the creation of a SOAP extension that would verify incoming requests against a schema, something .NET does not support out of the box (even in 2.0). Additionally, there was quasi-support for Schematron via Assert attributes. This allows for very powerful input validation of web services. This is a project to provide continued support for this extension. There have been some updates to the original code, including moving to the .NET Framework v2.0.
http://www.owasp.org/index.php/.NET_Web_Service_Validation

Metasploit

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide.
http://www.metasploit.com/

Peach Fuzzer Framework

Peach is a cross-platform fuzzing framework written in Python. Peach's main goals include: short development time, code reuse, ease of use, and flexibility.
Developing Fuzzers with Peach 2.0 - http://peachfuzz.sourceforge.net/

SaferHtml

Project to validate that an HTML document or blob does not contain "unsafe" HTML elements or attributes (such as OnClick, <script>, etc).
http://code.google.com/p/saferhtml/

WmiTool

A tool to help query and set WMI properties, namespaces, etc.
http://phed.org/pages/WmiTool