
style changes, new general security post, added tools to list, change…

…d titles
1 parent ad3095c commit 184b537ce03c0bf8f9beba54d9400a35cc3ceda5 @yaph yaph committed Nov 27, 2011
Showing with 128 additions and 27 deletions.
  1. +1 −1 README.md
  2. +13 −11 static/css/style.css
  3. +1 −1 templates/articles.html
  4. +4 −2 templates/base.html
  5. +2 −1 templates/index.html
  6. +66 −0 templates/security.html
  7. +40 −10 templates/tools.html
  8. +1 −1 templates/videos.html
@@ -3,5 +3,5 @@
Learn more about the tool on the project's [about page](http://www.domxssscanner.com/info/about)
## TODOs
-
+- Make small sticky toolbar style form on top in content pages
- Check whether it's possible to have sub directories in templates dir, which worked in Django 0.96 but not in 1.2 (see http://stackoverflow.com/questions/1081949/differences-in-django-template-inheritance-between-0-96-and-1-0) or use a better template engine
@@ -142,11 +142,11 @@ body, select, input, textarea {
}
body {
font-size:1.1em;
-color:#3d5c3d;
-background: #000; /* old browsers */
-background: -moz-linear-gradient(top, #000 0%, #0a0a0a 100%); /* firefox */
-background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#000), color-stop(100%,#0a0a0a)); /* webkit */
-filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#000', endColorstr='#0a0a0a',GradientType=0 ); /* ie */
+color:#336c3d;
+background: #1c1c1c; /* old browsers */
+background: -moz-linear-gradient(top, #1c1c1c 0%, #0a0a0a 100%); /* firefox */
+background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#1c1c1c), color-stop(100%,#0a0a0a)); /* webkit */
+filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#1c1c1c', endColorstr='#0a0a0a',GradientType=0 ); /* ie */
}
/* headers (h1,h2,etc) have no default font-size or margin. define those yourself. */
h1,h2,h3,h4,h5,h6 {
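Review bot: The new body text colour `#336c3d` sits on a `#1c1c1c` to `#0a0a0a` background, which is well under the 4.5:1 contrast ratio WCAG AA asks for body text; a lighter green would keep the theme and stay readable. The gradient is also declared only with `-moz-linear-gradient`, the old `-webkit-gradient` syntax and the IE filter, so consider adding an unprefixed `linear-gradient` declaration as the last `background` line.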
@@ -159,8 +159,7 @@ textarea {width:100%;height:300px;}
p {margin:5px 0;}
hr {
color:#000;
-border-color: #222;
-background-color: #222;
+background-color: #143C14;
height:1px;
border:1px;
}
@@ -169,11 +168,12 @@ margin: .5em 1em;
padding-left: 1em;
font-family: monotype;
font-style: oblique;
+letter-spacing:.06em;
}
.title a {
font-size:1.3em;
text-decoration:none;
-color:#3d5c3d;
+color:#336c3d;
}
#container {width:960px; margin:0 auto;}
@@ -186,7 +186,7 @@ margin:10px 0 0 0;
padding:5px 0;
}
#page_footer {
-color:#3d5c3d;
+color:#336c3d;
font-size:.9em;
}
/* search form */
@@ -213,7 +213,7 @@ padding:5px;
margin: 5px 0;
color:#0f0;
background: #0a0a0a;
-border: 2px ridge #3d5c3d;
+border: 2px ridge #336c3d;
font: 1.18em monospace;
}
.domxss_sink {background-color:#9B7D00;}
@@ -227,7 +227,9 @@ width: 60%;
float:left;
margin-left:1em;
}
-
+.small {
+font-size:.9em;
+}
/*
* Non-semantic helper classes: please define your styles before this section.
*/
@@ -1,6 +1,6 @@
{% extends 'post.html' %}
-{% block title %}Web Security Articles and Resources | DOM XSS Scanner{% endblock %}
+{% block title %}Articles about DOM based XSS | DOM XSS Scanner{% endblock %}
{% block content %}
<h2>Articles about DOM based XSS</h2>
@@ -43,11 +43,13 @@ <h1 class="title"><a href="/" title="DOM XSS Scanner start page">DOM XSS Scanner
<input class="url" name="url" id="url" type="url" value="http://">
<input class="button" type="submit" value="Start scan">
</form>
- <p>Discover DOM XSS Security Flaws</p>
+ <p class="small">Discover DOM XSS Security Flaws</p>
+ <hr>
</div>
</div>
</header>
+
<div id="main" role="main" class="container_12">
<div id="content" class="grid_12">
{% block content %}{% endblock %}
@@ -58,7 +60,7 @@ <h1 class="title"><a href="/" title="DOM XSS Scanner start page">DOM XSS Scanner
{% block featured %}{% endblock %}
<footer id="page_footer" class="container_12">
- <div class="grid_12"><p class="small "><a href="/" title="DOM XSS Scanner start page">DOM XSS Scanner</a> is an <a href="https://github.com/yaph/domxssscanner">open source tool</a> for finding potential DOM based XSS security vulnerabilities created by <a href="http://www.ramiro.org/">Ramiro Gómez</a></p></div>
+ <div class="grid_12"><p class="small"><a href="/" title="DOM XSS Scanner start page">DOM XSS Scanner</a> is an <a href="https://github.com/yaph/domxssscanner">open source tool</a> for finding potential DOM based XSS security vulnerabilities created by <a href="http://www.ramiro.org/">Ramiro Gómez</a></p></div>
<div id="social" class="grid_12">
<div class="addthis_toolbox addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="button_count"></a>
@@ -22,7 +22,8 @@
<ul>
<li><a href="/info/articles">DOM XSS articles and resources</a></li>
<li><a href="/info/videos">DOM XSS videos</a></li>
-<li><a href="/info/tools">Free Web Security Tools</a></li>
+<li><a href="/info/tools">Free Security Tools</a></li>
+<li><a href="/info/security">General Security Resources</a></li>
</ul>
</div>
@@ -0,0 +1,66 @@
+{% extends 'post.html' %}
+
+{% block title %}General Security Resources | DOM XSS Scanner{% endblock %}
+
+{% block content %}
+
+<h2>General Security Resources</h2>
+<p>This page is a list of links to guides, tutorials, blogs, news sites, data bases, and books that cover various aspects of security.</p>
+<hr>
+
+<h3>Security Guides and Tutorials</h3>
+<ul>
+<li><a href="http://code.google.com/p/owasp-development-guide/wiki/Guide">OWASP Development Guide</a></li>
+<li><a href="https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide">OWASP Secure Coding Practices Quick Reference Guide</a></li>
+<li><a href="http://code.google.com/edu/security/">Google Code University Web Security Course</a></li>
+<li><a href="http://google-gruyere.appspot.com/">Web Application Exploits and Defenses</a></li>
+<li><a href="http://www.w3.org/Security/faq/">The World Wide Web Security FAQ</a></li>
+<li><a href="http://code.google.com/p/browsersec/wiki/Main">Browser Security Handbook</a></li>
+<li><a href="http://code.google.com/p/html5security/">html5security - HTML5 Security Cheatsheet</a></li>
+<li><a href="http://googlewebmastercentral.blogspot.com/2011/05/website-security-for-webmasters.html">Website Security for Webmasters at Google Webmaster Central</a></li>
+<li><a href="http://www.smashingmagazine.com/2010/10/18/common-security-mistakes-in-web-applications/">Common Security Mistakes in Web Applications - Smashing Magazine</a></li>
+<li><a href="http://cwe.mitre.org/top25/">CWE - 2010 CWE/SANS Top 25 Most Dangerous Programming Errors</a></li>
+<li><a href="http://shortrecipes.blogspot.com/2010/02/anonymous-browsing-internet-using.html">Anonymous Internet browsing using Ubuntu 9.10, Tor and Firefox | Short IT recipes</a></li>
+<li><a href="http://www.cyberciti.biz/tips/linux-security.html">20 Linux Server Hardening Security Tips</a></li>
+<li><a href="http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-session-fixation-attack.html">Hueniverse: Explaining the OAuth Session Fixation Attack</a></li>
+<li><a href="http://php-ids.org/">PHPIDS Web Application Security 2.0</a></li>
+<li><a href="http://ha.ckers.org/xss.html">XSS (Cross Site Scripting) Cheat Sheet</a></li>
+<li><a href="http://www.mvps.org/winhelp2002/hosts.htm">Blocking Unwanted Parasites with a Hosts File</a></li>
+</ul>
+<hr>
+
+<h3>Security News and Information</h3>
+<ul>
+<li><a href="http://www.exploit-db.com/">Exploits Database by Offensive Security</a></li>
+<li><a href="http://blog.fortinet.com/">Fortinet FortiGuard Blog</a></li>
+<li><a href="http://googleonlinesecurity.blogspot.com/">Google Online Security Blog</a></li>
+<li><a href="http://labs.m86security.com/">M86 Security Labs Blog</a></li>
+<li><a href="http://nakedsecurity.sophos.com/">Naked Security | News. Opinion. Advice. Research</a></li>
+<li><a href="http://malwareint.blogspot.com/">Malware Intelligence Blog. A division of MalwareIntelligence</a></li>
+<li><a href="http://blogs.mcafee.com/mcafee-labs">McAfee Labs | Blog Central</a></li>
+<li><a href="https://www.schneier.com/">Schneier on Security</a></li>
+<li><a href="http://www.itworld.com/security">Security | ITworld</a></li>
+<li><a href="http://www.symantec.com/connect/symantec-blogs/sr">Security Blogs Security Response | Symantec Connect Community</a></li>
+<li><a href="http://www.computerworld.com/securitytopics/security">Security Topic Center - Computerworld</a></li>
+<li><a href="http://www.securityfocus.com/vulnerabilities">SecurityFocus Vulnerabilities Search</a></li>
+<li><a href="http://blog.stopbadware.org/">StopBadware.org - StopBadware Blog</a></li>
+<li><a href="http://osvdb.org/">The Open Source Vulnerability Database</a></li>
+<li><a href="http://www.wired.com/threatlevel/">Wired Threat Level</a></li>
+</ul>
+<hr>
+
+<h3>Security Books</h3>
+<ul>
+<li><a href="http://www.amazon.com/gp/product/B005MMUM2W/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399373&creativeASIN=B005MMUM2W">BackTrack 5 Wireless Penetration Testing Beginner's Guide</a></li>
+<li><a href="http://www.amazon.com/gp/product/1441793747/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399373&creativeASIN=1441793747">Ghost in the Wires: My Adventures As the World's Most Wanted Hacker</a></li>
+<li><a href="http://www.amazon.com/gp/product/0071740643/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399369&creativeASIN=0071740643">HACKING EXPOSED WEB APPLICATIONS, 3rd Edition</a></li>
+<li><a href="http://www.amazon.com/gp/product/159327288X/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399373&creativeASIN=159327288X">Metasploit: The Penetration Tester's Guide</a></li>
+<li><a href="http://www.amazon.com/gp/product/1597495433/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399369&creativeASIN=1597495433">Seven Deadliest Web Application Attacks (Seven Deadliest Attacks)</a></li>
+<li><a href="http://www.amazon.com/gp/product/0470639539/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399369&creativeASIN=0470639539">Social Engineering: The Art of Human Hacking</a></li>
+<li><a href="http://www.amazon.com/gp/product/1118026470/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399373&creativeASIN=1118026470">The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws</a></li>
+<li><a href="http://www.amazon.com/gp/product/0071776168/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399373&creativeASIN=0071776168">Web Application Security, A Beginner's Guide</a></li>
+<li><a href="http://www.amazon.com/gp/product/0596514832/ref=as_li_ss_tl?ie=UTF8&tag=dxs-20&linkCode=as2&camp=217145&creative=399369&creativeASIN=0596514832">Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast</a></li>
+</ul>
+<hr>
+
+{% endblock %}
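Review bot: In the Security Books list the Amazon hrefs contain raw `&` separators (`?ie=UTF8&tag=dxs-20&linkCode=as2...`); inside an HTML attribute these should be written `&amp;`, the way the link text `Click&amp;Clean` in tools.html already escapes it. These links also carry the affiliate parameter `tag=dxs-20`, which the page's intro paragraph does not mention. In that paragraph, "data bases" should read "databases".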
@@ -1,33 +1,63 @@
{% extends 'post.html' %}
-{% block title %}Free Web Security Tools | DOM XSS Scanner{% endblock %}
+{% block title %}Free Web and Network Security Tools | DOM XSS Scanner{% endblock %}
{% block content %}
-<h2>Free Web Security Tools</h2>
+<h2>Free Web and Network Security Tools</h2>
<p>This page lists free Web security tools that you can use to scan Web sites for security related issues or to protect yourself against attacks.</p>
<hr>
-<h3>Web Security Tools for the Desktop</h3>
+<h3>Security Tools for the Desktop</h3>
<ul>
-<li><a href="http://w3af.sourceforge.net/">w3af Web Application Attack and Audit Framework</a></li>
-<li><a href="http://code.google.com/p/skipfish/">skipfish web application security scanner</a></li>
-<li><a href="http://www.cirt.net/nikto2">Nikto Open Source web server scanner</a></li>
-<li><a href="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project">WebScarab security testing on web applications and web services</a></li>
+<li><a href="http://zapotek.github.com/arachni/">Arachni Web Application Security Scanner Framework</a></li>
<li><a href="http://www.owasp.org/index.php/JBroFuzz">JBroFuzz web application fuzzer</a></li>
+<li><a href="http://www.alobbs.com/macchanger/">GNU Mac Changer | Alvaro's web site</a></li>
+<li><a href="http://www.gnupg.org/">GNU Privacy Guard - GnuPG.org</a></li>
+<li><a href="http://www.getmantra.com/">Mantra - Free and Open Source Browser based Security Framework</a></li>
+<li><a href="http://www.metasploit.com/">Metasploit Penetration Testing Software</a></li>
+<li><a href="http://www.cirt.net/nikto2">Nikto Open Source web server scanner</a></li>
<li><a href="http://www.parosproxy.org/">Paros web application security assessment</a></li>
-<li><a href="http://zapotek.github.com/arachni/">Arachni Web Application Security Scanner Framework</a></li>
+<li><a href="http://preyproject.com/">Prey - Track down your stolen laptop</a></li>
+<li><a href="http://code.google.com/p/skipfish/">skipfish web application security scanner</a></li>
+<li><a href="http://www.truecrypt.org/">TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux</a></li>
+<li><a href="http://w3af.sourceforge.net/">w3af Web Application Attack and Audit Framework</a></li>
+<li><a href="http://wapiti.sourceforge.net/">Wapiti Web application security auditor</a></li>
+<li><a href="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project">WebScarab security testing on web applications and web services</a></li>
+<li><a href="http://www.websecurify.com/">Websecurify | Web Application Security Scanner and Manual Penetration Testing Tool</a></li>
<li><a href="https://github.com/WebExploitationFramework/wXf">wXf Web Exploitation Framework</a></li>
+<li><a href="http://code.google.com/p/wfuzz/">wfuzz - Web application bruteforcer</a></li>
</ul>
<hr>
-<h3>Web Security Firefox Add-ons</h3>
+
+<h3>Web based Security Tools</h3>
+<ul>
+<li><a href="http://uptime.netcraft.com/up/graph">Netcraft What's That Site Running Results</a></li>
+<li><a href="http://webscantest.com/">Web Scanner Test Site</a></li>
+</ul>
+<hr>
+
+<h3>Security Firefox Add-ons</h3>
<ul>
<li><a href="https://addons.mozilla.org/en-US/firefox/addon/noscript/">NoScript run executable code only from trusted domains</a></li>
+<li><a href="http://codebutler.github.com/firesheep/">Firesheep</a></li>
</ul>
<hr>
-<h3>Web Security Chrome Extensions</h3>
+
+<h3>Security Chrome Extensions</h3>
<ul>
<li><a href="https://chrome.google.com/extensions/detail/ghgabhipcejejjmhhchfonmamedcbeod?hl=en">Click&amp;Clean Delete your browsing history</a></li>
<li><a href="https://chrome.google.com/extensions/detail/odjhifogjcknibkahlpidmdajjpkkcfn?hl=en">NotScripts whitelist trusted sites</a></li>
</ul>
<hr>
+<h3>Other Security Tools Lists</h3>
+<ul>
+<li><a href="https://www.owasp.org/index.php/Phoenix/Tools">Phoenix/Tools - OWASP</a></li>
+<li><a href="https://fedorahosted.org/security-spin/wiki/availableApps">Fedora Security Lab distribution package list</a></li>
+<li><a href="http://sectools.org/web-scanners.html">Top 10 Web Vulnerability Scanners</a></li>
+<li><a href="http://sectools.org/crackers.html">Top 10 Password Crackers</a></li>
+<li><a href="http://www.junauza.com/2008/07/10-best-hacking-and-security-software.html">10 Best Hacking and Security Software Tools for Linux</a></li>
+<li><a href="http://www.junauza.com/2009/06/10-more-hacking-and-security-software.html">10 (More) Hacking and Security Software Tools for Linux</a></li>
+</ul>
+<hr>
+
{% endblock %}
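Review bot: The intro paragraph is left unchanged as "This page lists free Web security tools that you can use to scan Web sites ...", but the title and h2 now read "Free Web and Network Security Tools" and the desktop list gains GnuPG, TrueCrypt, Prey and GNU Mac Changer, none of which scan web sites; update the paragraph to match the new scope. The Firesheep entry is the only added link without a description, and it sits beside NoScript under "Security Firefox Add-ons"; say what it does (it demonstrates session hijacking on open networks) so readers do not take it for a protective add-on.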
@@ -1,6 +1,6 @@
{% extends 'post.html' %}
-{% block title %}Web Security Videos | DOM XSS Scanner{% endblock %}
+{% block title %}Videos about DOM based XSS | DOM XSS Scanner{% endblock %}
{% block content %}
<h2>Videos about DOM based XSS</h2>

0 comments on commit 184b537
