VAPT

XXE Attack using Burpsuite

Steps: I used a vulnerable website (http://testhtml5.vulnweb.com/#/popular). a) Pre-settings to be done; b) Go to the vulnerable website; c) Do Forget password: I have used Burpsuite to intercept the data; generated a request to generate a new password; the request was using “Explicit XML entities” as we can see above in the screenshot….

Code Security

WordPress VAPT And Fixation Techniques

VULNERABILITIES FIXATION TOOL USED FOR SCAN – WPSCAN. PLUGIN USED FOR FIXATION Full path disclosure: Many websites running WordPress expose the internal/full path where the PHP files are installed when they display a PHP error message. This can be used to facilitate further attacks such as path traversal. – In a php.ini file,…

Code Security

Vulnerability Assessment in 3 PHP Frameworks

PHP is the most widely used server-side language for building web applications and has a good variety of frameworks, most of them open source. Their popularity and increasing usage make them an attractive target for hackers. So before adapting any of these frameworks for your project, be sure…

Open Source Security

Top 10 Web Log Analyzers

Title: Top 10 Web Log Analyzers. Scope of article: Today’s web hosting data centers are deployed with multiple web servers running heterogeneous operating system architectures. With ever-increasing online business, it is important to know how many customers are really reaching your websites. Beyond just the number of web hits, it is now imperative…

Open Source Security

Top 10 Security Vulnerability Scanners

Title: Top 10 Security Vulnerability Scanners. Scope of article: Gone are the days when a network administrator would sit in his cozy datacenter room, sip coffee and look at monitors showing datacenter stats. Today’s cyber world forces admin teams to deal with challenges that go beyond machine-related problems. Modern datacenters deploy firewalls…

Open Source Security

Top 5 Security Assessment Tools

Title: Top 5 Security Assessment Tools. Vulnerability scanning against a network needs to be done from within the network as well as from outside it, or simply put, from both sides of the firewall protecting the network. A suggested methodical approach is to start from the network evaluation phase, where sniffing and primary…

Open Source Security

Top 3 Network Monitoring Tools

Title: Top 3 Network Monitoring Tools. Scope of article: In a well-managed IT infrastructure, network monitoring acts as eyes and ears to spot problems before they appear. System administrators need complete visibility into their critical IT components such as servers, applications and networks. These tools can monitor a server crash or a failing…

Compliance

SOC2 Compliance for Startups

SOC 2 FOR SERVICE ORGANISATIONS. SOC for Service Organizations reports are designed to help service organizations that provide services to other entities build trust and confidence in the service performed and controls related to the services through a report. Each type of SOC for Service Organizations report is designed to help service organizations meet specific…

Open Source Security

Securing Xen Virtualization

Title: Securing Xen Virtualization. Scope of article: The concept of virtualization was created in the IT industry to achieve easy management and maintenance of server infrastructure. While there are many production environments running on robust virtual servers, there are underlying security challenges which should be carefully addressed while designing virtualization solutions. This article talks about…

Open Source Security

Securing SSH Service

Title: Securing SSH Service. Scope of article: The SSH service is very widely used in open source infrastructure setups. Due to its small footprint on the network, as well as ease of installation and maintenance, SSH replaces many remote shells in modern data centers. Though SSH stands for Secure Shell, it is found to be…