OWASP API security (https://www.owasp.org/index.php/OWASP_API_Security_Project) is an open source project which is aimed at preventing organizations from deploying potentially vulnerable APIs. APIs expose micro services to consumers, making it important to focus on how to make these APIs safer and avoid known security pitfalls. Let’s take a look at the OWASP top ten list of API […]
The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. One of the best feature of Metasploit Framework is that you can easily upgrade your normal command shell payload into Meterpreter payload once the system has been exploited. Meterpreter is a Metasploit […]
MyBB is one of the most widely used open source, intuitive, extensible, and incredibly Forum software out there. The software is recognized for its security as well as it is the most secure among many platforms such as vBulletin, phpBB, bbPress etc. With everything from forums to threads, posts to private messages, search to profiles, […]
There are plenty of ways to make your password secure, but most people just don’t bother. It is much easier to set a password that is easy to remember, but hackers rely on this to break into insecure sites. Try to at least make it hard to guess by making it eight characters or more, […]
Unvalidated data Never trust anything you get from a Web browser. The browser is completely outside of your control, and it’s easy to fake values like the HTTP referrer. It’s also easy to fake a hidden field in a form. More importantly, when dealing with forms, for example, validate the data carefully. Use a “deny all, […]
1) National Vulnerability Database https://nvd.nist.gov/ NVD i.e. National Vulnerability Database is a product of NIST (National Institute of Standards and Technology) Computer Security Division which is sponsored by DHS(Dept. of Homeland Security’s). The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data […]
Today we’ll discuss about the post exploitation attack using metasploit framework to hack any Android Device without any port forwarding. Generally you can get easily reverse TCP connection with Meterpreter in a LAN network but when you do the same thing over internet i.e. WAN, then the scenario is little bit different. With this method, […]
1. Always Use the max key size supported by AP for encryption – If the key size is large enough, then it takes more time to crack the key by the attacker. Also it is recommended to change the encryption key frequently so that it makes difficult for the cracker to break the key. 2. […]
Today we’ll discuss about the hijack method used in banking sector i.e. botnets to steal money or some sensitive information from the user. What are these botnets used for? They are used for many different purposes like gathering private details, logins to websites, credit card information, bank logins, PayPal accounts etc. If you can use […]
As we all knows, Security is the most discussing topic in today’s time and is obviously everyone’s need. Everyone has so many bank accounts, credit cards, paypal account, social accounts etc and sometimes we forgot to LOGOUT our accounts while accessing the internet in public places or in cyber cafes. For that users, Now you […]