How To Prevent Information Leakage In Web Application

Although it may not be feasible or desirable to prevent the disclosure of absolutely any information that an attacker may find useful, various relatively straightforward measures can be taken to reduce information leakage to a minimum and to withhold the most sensitive data that can critically undermine an application’s security if disclosed to an attacker. Read More …

Finding and Exploiting Path Traversal Vulnerabilities

Path traversal vulnerabilities arise when the application uses user-controllable data to access files and directories on the application server or another backend filesystem in an unsafe way. By submitting crafted input, an attacker may be able to cause arbitrary content to be read from, or written to, anywhere on the filesystem being accessed. This often Read More …

The life cycles of Vulnerability Assessment and Penetration Testing

This post describes the key phases in the life cycles of Vulnerability Assessment and Penetration Testing. These life cycles are almost identical; Penetration Testing involves the additional step of exploiting the identified vulnerabilities. It is recommended that you perform testing based on the requirements and business objectives of testing in an organization, be it Vulnerability Read More …

NMAP Check List For Security Assessment

Scripting Engine: -sC Run default scripts; --script=| |… Run individual or groups of scripts; --script-args= Use the list of script arguments; --script-updatedb Update script database. Script Categories: Nmap's script categories include, but are not limited to, the following: auth: Utilize credentials or bypass authentication on target hosts. broadcast: Discover hosts not included on command line Read More …

10 Best Linux Distro For Ethical Hacking And Penetration Testing | Hacker Bulletin 2016

10 Best Operating Systems For Ethical Hacking And Penetration Testing | 2016 Kali Linux: Developed by Offensive Security as the rewrite of BackTrack, Kali Linux distro tops our list of the best operating systems for hacking purposes. This Debian-based OS comes with 600+ preinstalled pen testing tools that make your security toolbox richer. These versatile Read More …