Hi all,

I was testing a web app the other day and found a pretty cool DOS bug that I wanted to share as it should work on most sites that use this method.

The site was online site that you could buy item from they took two methods of payment credit card and reserve pay later within 24 hours.

The Bug:
I noticed that if you reserve an item it would take it out of their database so no one else could buy the item. The problems were once it took it out of the database no one else could buy it, and two there was no limit on what you could buy. So in theory you could purchase everything in the store and it would stop anyone else from buying anything for up to 24 hours or until they noticed the issue.

As said any site that use like a reserve and collect could have this issue.

Cool there are some good books on that list anyone else have good recommendation

Might not be best idea posting email address as they get picked up and you will get spam.

If you want to chat to other professional there are some pretty cool IRC channels to hang out on.

Mixed Security Links (All Levels)
https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList

Yah the website is the best place but facebook is used to keep everyone uptp date.

It will be in London

Cool bit fo advice any other advice from people who have passed ?

The event has not been update on the website yet as they run a few events but most guys who do it work as well so they do it in their free time.

It best to join the Facebook group but they also have website

http://ypisg.bcs.org/

hmm I guess but not everyone who get caughty is not just script kiddie. Kevin micknick got caughty I would never class him as script kiddie. I do agree that most probabley are the fact is everyone makes mistakes and that is usally their downdfall.

Yes I agree dont add stuff that it not helpful to a client giving them a reprot of 450 pages you may think you show value for money but if the contents is not help it come back to bite you

You might be best trying to contact some speakers I never done a talk at con so not sure on best advice to give you maybe you should try hit up people like dark tagent on twitter or others that have done talks worldwide.

hmm I find most books follow the same sort of thing and cover the same topics.

Hi all,

I do a lot free work for a group and in November we are running a small pen test event it cost about £30 this includes lunch but places are limited.

If you have Facebook you can join out group YPISG to keep up with events.

I read the first one and felt was ok a great read for a beginner.

Cool post and like you website

Yah really good point always use protection

When viewing sites that have been hacked!!