Host Header Attack – Practical Exploitation and Prevention

The “Host” header is part of the HTTP protocol. Applications are vulnerable when they insert the value of this header into application code without proper validation, which means that not only applications hosted on Apache/Nginx can be vulnerable. For Host Header Attack Exploitation, there are basically two ways through which you can exploit the […]


HTTP PUT Method Exploitation – Live Penetration Testing

In this article, we’ll be exploiting the HTTP PUT method vulnerability on one of the Metasploitable2 web servers, through which you can easily upload any malicious file onto the server and gain access to the whole web server in a Meterpreter shell. In the last article, we already learnt how to Test HTTP Methods with Curl, […]


Testing Methods for HTTPS with OpenSSL, Curl and Nmap

If you’re using the HTTP protocol for surfing the Internet, you usually use only two of its methods, i.e. GET and POST. However, HTTP has a number of other methods like OPTIONS, TRACE, CONNECT, PUT and DELETE, which are very risky if all of these HTTP methods are open on your web server. According to RFC […]


Simple Tips to Prevent SQL Injection Vulnerability

As seen from the previous articles, SQL injection has the ability to attack a web server database, compromise critical information, and expose the server and the database to a variety of malicious exploits; however, there are measures that can be applied to mitigate SQL injection attacks. Use of these practices does not guarantee that SQL […]


Mitigations for Common Web Application Flaws

The most prominent components of web applications that intruders will first seek to exploit are vulnerabilities within the web platform. The web platform commonly includes: Web server software (such as IIS or Apache). Extensions to the web server, such as ISAPI filters and extensions, or Apache modules. Dynamic execution environments like ASP.NET, PHP, and J2EE […]


Top 40 XSS (Cross Site Scripting) Revision Questions with Answers

The questions and answers below are designed to measure your understanding of the concepts of XSS (Cross Site Scripting) attacks and prevention. Q1: What is the difference between HTML Injection and XSS? A: Both of them refer to exactly the same thing. In one of the situations, the attacker injected valid HTML tags, while […]


[Solution] SSL Handshake Alert Error – Burp Suite

Web application proxies like Burp Proxy, WebScarab or the Tamper Data add-on allow a security tester to intercept the requests/responses between the client HTTP application and the web server. Proxies are fundamental to the analysis of a web application. PortSwigger Burp Suite is a suite of tools that will let us test and inspect the […]