deep inside: security and tools
RSA 2013 speaking session
Sun 24 February 2013
I'll be speaking next week at RSA. My session is on Friday morning (10:20am, Room 132) and is called:
Why haven't we stamped out XSS and SQLi yet?
RSA talk content
Since all the slides are apparently available for everyone on the RSA website, I can give some more insights about what I will be talking about.
We ran an experiment at Coverity in which we analyzed many Java web applications and looked for where developers add dynamic data. The goal is to try to understand what contexts (both HTML contexts and SQL contexts) are frequently used.
The tone of the talk is fairly straightforward: security pros have been giving advice to developers for a long time, yet we still have these issues on a frequent basis, so we map common advice to what we see in the data.
What you can expect from this talk:
Some information about observed HTML contexts: that's about 26 different stacks, 45% of them had 2 elements in the stack (e.g., HTML attribute -> CSS code), and the longest ones had 3 elements.
A list of SQL contexts and good notes about what developers usually do
Advice for security pros on how to communicate with developers
Anyhow, this blog post is not only to announce this, but also to give some insights on how we extracted the data from these applications.
Analysis technique
We created and modified different checkers from Security Advisor in order to extract all injection sites that are related to dynamic data regardless of its taintedness.
For each injection site, we computed the context it belongs to within its sub-language (one of HTML, JavaScript, CSS, SQL, HQL, and JPQL). This represents our working dataset.
Here's an example of injection sites (using JSP):
    <script type="text/javascript">
    var content = '${dynamic_data}';
    // context ::= {HTML SCRIPT TAG -> JS STRING}
    </script>
We tracked the construction of this snippet of the HTML page and recorded each injection site, such as ${dynamic_data}, with its associated context. Since we do not care about the taintedness of dynamic_data, we do not need to track all paths that could lead to a defect (XSS here), and that's where what we did is very different from our XSS checker.
Note that we still need to properly track parts of the HTML page that's being constructed to properly compute the context. This is however part of our context aware global data flow analysis...
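To make the notion of a context stack concrete, here is a small scanner added as an illustration; it is not Coverity's analysis and not code from the talk. It walks a JSP-like template and reports the stack at each ${...} site. The labels HTML TEXT, HTML TAG and JS CODE, and the sample template, are assumptions made for this example.

```python
import re

SITE = re.compile(r"\$\{(\w+)\}")              # JSP EL expression = injection site
TAG = re.compile(r"<(/?)(\w+)")
ATTR = re.compile(r"([\w-]+)\s*=\s*([\"'])")   # quoted attribute values only

def html_contexts(tpl):
    """Return (site, context stack) for every ${...} in a JSP-like template."""
    sites, i = [], 0
    state, tag, closing, attr, quote, js_quote = "text", "", "", "", "", ""
    while i < len(tpl):
        ch, nxt = tpl[i], i + 1
        site = SITE.match(tpl, i)
        if site:
            # HTML TEXT, HTML TAG and JS CODE are labels assumed for this example.
            stack = {"script": "HTML SCRIPT TAG -> " + ("JS STRING" if js_quote else "JS CODE"),
                     "attr": "HTML ATTRIBUTE" + (" -> CSS CODE" if attr == "style" else ""),
                     "tag": "HTML TAG", "text": "HTML TEXT"}[state]
            sites.append((site.group(1), stack))
            nxt = site.end()
        elif state == "script":
            if tpl[i:i + 8].lower() == "</script":
                state, js_quote, nxt = "text", "", i   # re-scan the end tag as HTML
            elif js_quote and ch == "\\":
                nxt = i + 2                            # skip the escaped character
            elif ch == js_quote:
                js_quote = ""                          # JS string literal ends
            elif not js_quote and ch in "'\"":
                js_quote = ch                          # JS string literal starts
        elif state == "text":
            t = TAG.match(tpl, i)
            if t:
                closing, tag, state, nxt = t.group(1), t.group(2).lower(), "tag", t.end()
        elif state == "tag":
            a = ATTR.match(tpl, i)
            if a:
                attr, quote, state, nxt = a.group(1).lower(), a.group(2), "attr", a.end()
            elif ch == ">":
                state = "script" if tag == "script" and not closing else "text"
        elif ch == quote:                              # state == "attr": value ends
            state = "tag"
        i = nxt
    return sites

# Constructed sample template (not from the original post).
SAMPLE = ('<p>${name}</p><div style="color: ${color}">x</div><a href="${url}">y</a>'
          "<script type=\"text/javascript\">var content = '${dynamic_data}';"
          " var n = ${count};</script>")
```

The scanner ignores JavaScript comments, unquoted attribute values and anything script code does to the page at runtime, so it only approximates what a real context-aware analysis has to track.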
For SQL related queries, we essentially need to do the same thing, but we also need to track the parameters being inserted in a query using a parameterized notation: remember, we need to find all dynamic data that can eventually go into a query.
That's why the following code:
    String sql = "select foo, bar from table where 1=1";
    if (cond1)
        sql += " and user='" + user_name + "'"; // context ::= {SQL_STRING}
    if (cond2)
        sql += " and password=?"; // context ::= {SQL_DATA_VALUE}
has 2 interesting injection sites for the experiment, and we do not need to understand the full abstract string (an eventual set of 4 possible strings) from this piece of code.
Note that if there is this fairly common construct:
    String sql1 = "select foo, bar from table where";
    String and_beg = " and (";
    String and_end = " )";
    sql1 += and_beg + "user = '" + user_name + "'" + and_end;
    sql1 += sql2; // `sql2` is another part of the query coming
                  // from a different procedure or so
we will still properly track the contexts even if all parts (sql1, and_beg, etc.) are inter-procedurally created.
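The SQL side can be sketched the same way. The following is an added example, not the checker described in the post: it labels each injection site in a query assembled from constant fragments and dynamic values by tracking only the quote state, without building the full abstract string. The Dyn class, the SQL_UNQUOTED label and the content of sql2 are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Dyn:
    """Dynamic value concatenated into the query; its taintedness is ignored."""
    name: str

def sql_contexts(parts):
    """Label each injection site in a query built from str literals and Dyn values."""
    sites, in_string = [], False          # in_string: inside a '...' SQL literal
    for part in parts:
        if isinstance(part, Dyn):
            # SQL_UNQUOTED is a hypothetical label; the post names only the other two.
            sites.append((part.name, "SQL_STRING" if in_string else "SQL_UNQUOTED"))
            continue
        i = 0
        while i < len(part):
            if part[i] == "'":
                if in_string and part[i + 1:i + 2] == "'":
                    i += 1                # '' is an escaped quote, still inside
                else:
                    in_string = not in_string
            elif part[i] == "?" and not in_string:
                sites.append(("?", "SQL_DATA_VALUE"))   # bound parameter
            i += 1
    return sites

# The two snippets from the post, flattened along one path (both conditions true).
FIRST = ["select foo, bar from table where 1=1",
         " and user='", Dyn("user_name"), "'", " and password=?"]
# SQL2 is a constructed stand-in for the fragment built in another procedure.
SQL2 = [" order by ", Dyn("sort_col")]
SECOND = ["select foo, bar from table where", " and (", "user = '",
          Dyn("user_name"), "'", " )"] + SQL2
```

Because every appended fragment in the post's snippets leaves the quote state balanced, the label of each site is the same on all four paths through the two conditions.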
I will quickly explain this during the talk, but essentially, tracking HTML contexts in a global data flow analysis is not trivial. Moreover, considering the impact of some JavaScript code on the resulting web page (and therefore what the HTML contexts could potentially be transformed into at runtime) is an even more complex problem. We did not analyze JavaScript.
All entries
February 2013 — HTML5 tokenization visualization
September 2011 — PHP, Variable variables, Oh my!
July 2011 — Dissection of a SQL injection challenge
January 2010 — Yes, we need a standard to evaluate SAST, but it ain't easy...
November 2009 — Data driven factory: I give you data, you give me an object...
June 2009 — NIST Static Analysis Tool Exposition special publication released
December 2008 — Every-day's CSRF: Sorry, I turned off your christmas tree lights
August 2008 — Why the "line of code" is indeed a good metric
May 2008 — Accelerate the convergence to the bug: Running the test in 16-bit
February 2008 — Code review tools: the missing link (so far)
January 2008 — Talk: Problems and solutions for testing web application security scanners
October 2007 — IE6 And IE7 don't have compatible CSS tricks
September 2007 — Source Code Obfuscation
February 2007 — The return of the SVG XSS
February 2007 — How you should design a test suite for Web Apps Scanners
January 2007 — Test Suites for Web Application Scanners
December 2006 — SVG Files: XSS attacks
