In his demonstration at 7Safe’s IT Security Knowledge Share Evening, Consultant, Aleksander Gorkowienko showed the audience a real life exploitation scenario of XSS flaw which is one of the vulnerabilities most frequently found during everyday penetration testing. The live demo illustrated how an attacker may exploit Persistent Cross-Site Scripting flaw, steal a user’s cookie then takeover his session and access sensitive information (e.g. bank statements).

Video : > Click <

About Lens

Lens is an open-source ethical hacking tool specialized to penetration testing of ASP.NET web applications. Lens is written in WPF 4 and its internal modular architecture allows us to easily add new tests to the system.

You can use our Lens tool to test your site against the following attacks.

* Session state
o Eavesdropping
o Session fixation (available in v.1.0.0.1)
* Forms authentication
o Eavesdropping
* ViewState
o Eavesdropping (available in v.1.0.0.1)
o Information disclosure (available in v.1.0.0.1)
o Event handler bypass
* Event handling
o Postback to disabled controls
o Postback to invisible controls
* One-click attack

System Requirements

.NET Framework 4 (Full Profile)

Download : http://ethicalhackingaspnet.codeplex.com/