Archive for January, 2008
Edit Your Photos with Picnik

Picnik is a free online photo and image editing web application and is claimed to offer the newest, the best and the most efficient online editing service there is. Picnik’s most popular and most distinctive feature is its online image editing service. Users can upload photos from their hard drives and start editing them using Picnik’s wide range of photo editing tools. After editing, users can either save their photos to their PCs, e-mail them or upload them to any of the available sharing sites. Picnik also has a sleek, clutter-free interface which allows users to easily navigate their way around the editing page. As for registration, you only need to provide a username, your e-mail and password, and to specify your year of birth before using this excellent, powerful application.
Listing of Web 2.0 Applications (Part 1)
Skillr–a global recruitment service and advertising platform. Seekers can boast about their skills, while recruiters are able to sort through these candidates; a simple candidate search is also used.
Mygetgo’s–they are free and they are fully customizable internet. It starts where one decides on its contents. The links and even the way it all looks allow one to easily get the best from the internet. Mygetgo can be made a homepage, and a group of friends can use it as a common homepage.
FilesTube.com–a search engine that has been designed to search for files in the different file sharing and uploading sites. It is a rapidshare search engine that could search the options of different file formats. With the metadata information that has been collected, the results are relevant and high quality.
Gspace, Gmail Drive, and those Gdrive rumors
Last week, Gdrive, the web-based drive from Google, became almost a reality, but it will still take some time for it to be real. However, you do not have to wait long to have the free storage that you have always wanted. You have at your disposal, as your virtual drive, the 5-gigabyte-plus of Gmail storage, through Gspace and Gmail Drive.
There is really not much of a comparison between the two, unless you like setting your 1982 Walkman against your iPod Classic. Gmail Drive is devoid of advanced features, though. It is a standalone program that turns your Gmail storage into a virtual drive. It creates a shell namespace extension, which becomes a virtual file system around the account. It is also accessible from your preferred file-tree explorer.
IBM patches Lotus Notes 1-2-3 security flaws
After IBM unearthed vulnerabilities in a third-party component of Lotus 1-2-3, it released a patch for highly critical security flaws in Lotus Notes.
Core Security Technologies issued a security advisory which says that a buffer overflow is triggered when a user opens a malicious file attachment and Lotus 1-2-3 tries to process the Lotus Worksheet file format. An attacker could remotely take control of the user’s system and then execute arbitrary code.
Core Advisory noted that “Although these specific vulnerabilities exist on a third-party component, the problem is compounded by the way Lotus Notes displays information about attachments, making it easier to elicit unsuspecting assistance from the users to exploit them.”
As an example, attackers could send a malicious Lotus 1-2-3 file attachment with a common extension such as .jpg or .gif, instead of a MIME Content-type e-mail header.
Twine: The First Mainstream Semantic Web App?
Radar Networks will announce a new Semantic Web application called Twine. Its founder Nova Spivack showed a demo of the new application, which was described as a “knowledge networking” application. It is a combination of social networking, blogging, wikis, and knowledge management systems, but its highlight is that it is built with Semantic Web technologies. Twine wants to bring a usable and scalable interface to what was promised a long time ago by the Semantic Web.
Twine wants to be “the first mainstream Semantic Web application”. There have been lots of theories about the Semantic Web, but there are as yet very few large-scale success stories (if any). The question now is: will Twine finally break through as the Semantic Web app?
WatchFire AppScan
AppScan, said to be the most mature Web application vulnerability scanner on the market, was developed in 2000 as a companion to Sanctum’s AppShield Web application firewall. Now it is owned by IBM, one of the most well-known names in computing. This is a result of the acquisition of WatchFire by Big Blue in July. AppScan’s experience might not be enough, as the Ajax applications being fed to the scanners proved to be troublesome, even for long-established products. For IBM, AppScan looks like a sound investment because of its advanced functionality and reliability, the features that were the most successful so far at traversing our Ajax applications.
There were tense moments, though, when they first began scanning one of their sample Ajax apps, an experience which seems to be repeating now. AppScan was not able to parse the JavaScript automatically. WatchFire investigated; however, it said that it had no trouble with the application. What gives?
Trojans in Applications

Sending Trojans through e-mail is so Web 1.0 that cyberattackers have jumped on the bandwagon of the Facebook and MySpace generation. They have included Trojans in the apps and widgets available on these sites. According to researchers at Finjan, cyberattackers are now going to these social networking sites to get more victims.
“Attacks will become more sophisticated by combining several services in order to heighten infection ratios and decrease the detection rate, while providing more robust and scalable attack frameworks,” Yuval Ben-Itzhak, chief technology officer, Finjan, said in a news release. “The focus will be on trojan technology as it enables maximum flexibility in terms of command and control. This adds another potentially malicious element to the ‘legitimate’ web traffic that needs to be examined by security solutions.”
In short, before installing the app or widget that your friend sent you, confirm that it came from them. If it didn’t, delete it immediately. If it did come from them, research what previous users say about the app or widget.
WebScarab
WebScarab: a Web Application Review tool which came about from the designs of the people inhabiting the WebAppSec list run from SourceForge, who wanted a powerful, free, open tool for reviewing web applications for security vulnerabilities. However, it cannot be said that the original design has actually been fully implemented as envisioned. WebScarab started as a spider that was able to download all the pages on a site, and stayed like that for about a year. Lessons learned during the development of Exodus were used to implement WebScarab. Now, almost nothing of the original WebScarab remains in the current code base. The spider code on which WebSphinx/WebScarab was based was mature and well-tested, but it did not fit in with most people’s view of how such a tool should operate. A trivial spider was implemented in its place instead of ripping out 99% of WebSphinx. The original WebScarab/WebSphinx spider code is still available from SourceForge, for anyone who is interested.



