VAPT

SQL Injection Attack Via ORM Sink

Test cases for SQL Injection via ORM Sink. What is an SQL injection? SQL injection (SQLi) is one of the top OWASP application security weaknesses. It allows attackers to inject into and gain control of an application’s database, letting them access or delete data, change an application’s data-driven behaviour or flow, and do…

VAPT

XXE Attack using Burpsuite

Steps: I used a vulnerable website (http://testhtml5.vulnweb.com/#/popular). a) Pre-settings to be done. b) Go to the vulnerable website. c) Use Forgot password. I have used Burp Suite to intercept the data and generated a request to generate a new password. The request was using “Explicit XML entities”, as we can see above in the screenshot….

VAPT

Basics of Vulnerability Assessment and Penetration Testing

Basics of Vulnerability Assessment and Penetration Testing. As the number of web and mobile applications increases, cyber attacks are increasing every day too. World statistics show that more than 70% of applications either have vulnerabilities that could be exploited by a hacker or, worse, have already been exploited. The data losses due to…

VAPT

Android Security Risks

Scope of article: The open source world loves the Android operating system. It is surely a gift from Google that provides a cutting-edge and versatile mobile development platform. While there are tons of applications already running on multiple tablets and phones, little is known about the security of this platform. This article talks about the security model…

VAPT

How To Pentest Firewall

How to pen test a firewall externally. A firewall is a device or software that filters network traffic. It can be implemented between a trusted zone (corporate network area) and an untrusted zone (the Internet). All communication between the trusted and untrusted zones flows through the firewall, which grants or rejects access. It…

VAPT

E-commerce Website Pentesting Final

How to pentest an e-commerce website. Setting up an e-commerce system is a complex process. As a retailer, it is necessary to keep protection and customer privacy at the top of your agenda. To maintain the integrity of the e-commerce system, penetration testing becomes compulsory. Penetration testing, or ethical hacking, is a necessary step in ensuring…

VAPT

Wireless Security Devices Compliance

RCIE Course Modules: 3.9 Wireless Security Devices Compliance. What are wireless security protocols? Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are security protocols developed to secure computer networks. WPA through WPA3 were developed by the Wi-Fi Alliance to make networking more secure…

VAPT

Vulnerabilities Framework Latest

Vulnerabilities in the Ruby-on-Rails Framework & how to prevent them: Ruby on Rails is modular, easy to read, and broadly supported by legions of loyal developers. Many of the world’s most trafficked websites have relied on Rails to deliver scalable and highly available web services. As per the CVE database: Arbitrary file existence disclosure in Sprockets (CVE-2015-7819). Available as Ruby…

VAPT

Vulnerabilities in Ruby

Vulnerabilities in the Ruby-on-Rails Framework & how to prevent them: Ruby on Rails is modular, easy to read, and broadly supported by legions of loyal developers. Many of the world’s most trafficked websites have relied on Rails to deliver scalable and highly available web services. As per the CVE database: Arbitrary file existence disclosure in Sprockets (CVE-2015-7819). Available as Ruby…