White Papers

Some of my published white papers in chronological order.

Hiding your identity in the Internet (Turkish) – 26.04.2003

Small XSS Paper – 28.07.2004
Potentially the first paper ever talks about detecting and exploiting XSS vulnerabilities in HTML attributes and Javascript blocks.

A Practical Guide to PGP (Turkish) – 09.01.2005
Practical introduction to PGP, explains basic of PGP with some real world examples.

Attacking and Defending Wireless Networks (Turkish) – 25.12.2005
A Highly detailed document about attacking and defending wireless network.

SQL Injection Cheat Sheet – 15.03.2007
The most comprehensive SQL Injection Cheat Sheet, includes lots of detailed information about SQL injection methods and covers several different databases. Translated into Japanese, Published in “Hacker Japan” Issue 05.2007.

XSS Tunnelling – 10.07.2007
Cutting edge research about exploitation of XSS vulnerabilities. Explains the implementation and idea of tunnelling HTTP traffic through XSS channels to bypass several restrictions and gain a total control over the victim’s session.

Deep Blind SQL Injection – 26.10.2007
A new way to exploit Blind SQL Injections which allows attacker to get 16+ different answers at a time from Blind SQL Injections instead of 2 (true or false). Also it’s implemented in BSQL Hacker.

SQL Wildcard Attacks – 12.05.2008
A new attack vector against web applications and databases. Affects more than 70% of web applications with an MS SQL Server database. This attack is now documented in the OWASP Testing Guide v3 as well.

SSL Implementation Security FAQ – 14.05.2008
Quite comprehensive FAQ for common SSL implementation security pitfalls.