We all know the “500 Internal Server Error” but have you ever seen it on youtube.com: http://m.youtube.com/index?warned=1&session=% It says: Sorry, something went wrong. A team of highly trained monkeys has been dispatched to deal with this situation. Please report this incident to customer service. You guys made my day PS: For some reason you sometimes [...]

A working colleague of mine showed me a tool, which I think is really cool for automating tasks during web application security test, even if it’s not made especially for that. The tool I’m talking about is called Selenium Remote Control and licensed under the Apache 2.0 License. Let’s have a look at the description [...]

A colleague of mine asked me a few days ago, what he can do with an XSS on a BitTorrent Tracker site. The most obvious thing was of course to steal a logged in user’s session ID to get access to his account data which contains for example his “Private Tracker” login credentials and so [...]