Its All About Ethics
Year 2018 was full of cyber-attacks and the most serious news was about well-orchestrated cyber-attacks on banking industry. No matter how much awareness is generated, unfortunately the banking industry seems to be waking up only upon hearing about an attack and becomes sluggish on cyber security. While providing consultancy to many banks, in different geographical…
Test cases for SQL Injection via ORM Sink What is an SQL injection? SQL injection (SQLi) is a major or one of the top OWASP application security weakness that allows attackers/hackers to inject, gain control in an application’s database and letting them access or delete data, change an application’s data-driven behaviour or flow, and do…
Steps: ⦁ I used a vulnerable website (⦁ http://testhtml5.vulnweb.com/#/popular) a)Pre-settings to be done b)Go to the vulnerable website: c) Do Forget password: ⦁ I have used Burpsuite to Intercept the data ⦁ Generated a request to generate new password ⦁ The request was using “Explicit XML entities” as we can see above in the screenshot….
Basics of Vulnerability Assessment and Penetration testing As the number of web and mobile applications is increasing the cyber attacks are increasing everyday too. World statistics shows that more than 70% of the applications either have vulnerabilities which could be exploited by a hacker, or worse, those are already exploited. The data loses due to…
Scope of article Open source world loves Android operating system. It is surely a gift from google, that provides cutting edge and versatile mobile development platform. While there are tons of applications already running on multiple tablets and phones, little is known about the security of this platform. This article talks about the security model…
How to pen test a firewall externally Firewall is a device or software which is responsible for filtering traffic of network. It can be implemented between trusted zone (Corporate Network Area) and untrusted zone (Internet). All the communication between trusted and untrusted zone flow through firewall and it grants or reject the access. I t…
Fundamentals of HTTP Headers and Web Application Security The notorious targets for all sorts of cyber attacks can be zeroed down to the web applications. The increasing pattern of cyber attacks has led us, to not just inculcate cyber security as a luxury, rather as a necessity for all the web developers and above all…
How to pentest e-commerce website Setting up an E-commerce system is a complex process. It is necessary to be protected and customer privacy at the top of your agenda as a Retailer. To maintain the integrity of the E-commerce system, Penetration Testing becomes compulsory. Penetration Testing or Ethical Hacking is a necessary step in ensuring…
RCIE Course Modules: 3.9 Wireless Security Devices Compliance What are wireless security protocols? Wired Equivalent Privacy (WEP), (WPA) Wi-Fi Protected Access, Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are security protocols developed to secure computer networks. WPA to WPA 3 was developed by the Wi-Fi Alliance to make networking more secure…
Vulnerabilities in Ruby-on-Rails Framework & How to prevent it: Ruby-on-rails—it’s modular, easy-to-read, and broadly supported by legions of loyal developers. Many of the world’s most trafficked websites have relied on Rails to deliver scalable and highly available web services. As per the CVE database: Arbitrary file existence disclosure in Sprockets CVE 2015-7819 Available as Ruby…