As companies adopt new digital technologies, the possibility of being targeted by cyber-attacks increases. Increasing network complexity through digital innovation often creates unique network differences that cyber attackers can take…
Tag: penetration testing
Handy MySQL Commands – Cheatsheet 2018
Designing the database is a key step, largely because changes to the database at a later date have far larger implications and potential complications than changing any other aspect of the site.…
Host Header Attack – Practical Exploitation and Prevention
The “HOST” header is part of the HTTP protocol. Applications are vulnerable when they insert the value of this header into the application code without proper validation. This means…
19 Most Useful Plugins for Burp Suite [Penetration Testing]
Burp Suite is an intercepting HTTP proxy, and it is the de facto tool for performing web application security testing. Burp is highly functional and provides an intuitive and user-friendly interface.…
[Solution] Disable the detectportal.firefox.com requests in Burp Suite
Approximately a year back, Mozilla added a new feature, “Captive Portal” support, to the Firefox browser in an attempt to enhance usability when connecting to free Wi-Fi portals. Captive Portal feature…
Bypass HacktheBox.eu Invite Registration
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges…
Top 10 Penetration Testing Distributions – 2018 Update
For those who are interested in learning how to do penetration testing, many tools and operating systems are available, but very few targets to practice against safely –…
Simple Tips to Prevent SQL Injection Vulnerability
As seen from the previous articles, SQL injection has the ability to attack a web server database, compromise critical information, and expose the server and the database to a variety…
Mitigations for Common Web Application Flaws
The most prominent components of web applications that intruders will first seek to exploit are vulnerabilities within the web platform. The web platform commonly includes: Web server software (such as…
Top 40 XSS (Cross Site Scripting) Revision Questions with Answers
The questions and answers below are designed to measure your understanding of the concepts of XSS (Cross Site Scripting) attacks and prevention. Q1: What is the difference between HTML…
50 questions you need to know about Professional Penetration Testing | FAQ
Those of us who have conducted or participated in a penetration test will understand that tools are not the only thing necessary to successfully complete a PenTest. Methodologies are essential…
[Solution] SSL Handshake Alert Error – Burp Suite
Web Application Proxies like Burp Proxy, WebScarab or Tamper Data Addon allow a security tester to intercept the requests/responses between the client HTTP application and the web server. Proxies are…
Gloom – Linux Penetration Testing Framework
Security is a state in which we ensure a proper gap between the threats and assets of an organization. We try to either move assets far away from threats or…
Penetration Testing Quick Cheatsheet v1.0 – 2017
Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Here we’re listing out…
Pythem – Multi-Purpose Pentest Framework 2017
Pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool is intended to be used only for…
Top 5 Mobile App Testing Tools – Featured 2017
1. AFE – Android Framework for Exploitation, is a framework for exploiting Android-based devices. They’ve been in the security field for the past 5 years and have a strong enthusiastic…
Mobile Application Penetration testing Checklist 2016
Client Side – Static and Dynamic analysis Test Name Description Tool OWASP Applicable Platform Result Reverse Engineering the Application Code Disassembling and Decompiling the application, Obfuscation checking apktool, dex2jar, Clutch,…
Checklist for performing security testing on web applications
For every businessman, developing a website is very important, as it acts as the most important promotional tool for his products and services. Developing a website means your website…
Every Penetration Tester Should Know About This – Rules of Engagement
Penetration testing involves the use of a variety of manual and automated techniques to simulate an attack on an organization’s information security arrangements. One of the key points when managing…