This is part 4 in a series. Part 1 is available here: w3af Tutorial Part 1. Part 2 is available here: Discovery and Audit plugins. Part 3
Testing firewall and IDS rules is a regular part of penetration testing or security auditing. However, because of the unique complexity of different environments,
Authentication or E-authentication (Electronic authentication) is the way, technique, and method to establish a connection between two entities. This connection is based on confidence and
Introduction Ammonite is a Fiddler extension used to scan web applications for common vulnerabilities like verbose and blind SQL injection, OS commanding, local file inclusion,
This is Chapter 6 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.” Chapter 5 is available here: VLAN Network Segmentation and Security – Chapter 5
iPhone forensics can be performed on the backups made by iTunes or directly on the live device. This previous article on iPhone forensics detailed the
For many years, there has been a territorial dispute between China and the Philippines over the Scarborough Shoal (Philippine Term: Panatag Shoal) or Huangyan Island (Chinese
In general, web developers care about some common vulnerabilities in web applications. But there are some dangerous and lesser-known vulnerabilities, which widely exist on
Introduction As logs never lie, it’s very important to aggregate and analyze the internal and external network logs constantly so that companies can prevent breach
Works against Java, AppleUpdate, Google Analytics, Skype, Blackberry and more Introduction We all know that hackers are constantly trying to steal private information by getting
Preview Sharing source code with peers is one thing; sharing secrets over a public medium is another. The all-seeing eye of Google has no mercy,
According to ISACA, the CISM certification is changing to reflect the new CISM job practice analysis. (Source: ISACA’s CISM Review Manual 2012 p. iii) ISACA
Profile Subject: Doug Steelman Doug Steelman is the Chief Information Officer of Dell SecureWorks, where he leads the defense of Dell SecureWorks’ networks. Before joining
During penetration testing, the main objective of the auditor is to exploit and gain access. For that to happen, it is required to have some
In the first part of this article, we discussed the iPhone application traffic analysis. In this part, we will take a look at the privacy
This is Chapter 5 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.” Chapter 4 is available here: Attack Surface Reduction – Chapter 4 Chapter 3
Web application security is always an important topic to discuss because websites seem to be the first target of malicious hackers. Hackers use websites to
In the previous article w3af walkthrough and tutorial part 2 – Discovery and Audit plugins, we looked at the various discovery and audit plugins used by w3af
Last month, I participated in a project that involved the scanning of a whole continent. The goal of the project was to report, within 20
Wireless Penetration Testing in my opinion is one of the most fun parts of Ethical Hacking. It incorporates application exploits once you are on the
Introduction I’m reasonably sure that anyone reading this particular article has heard about viruses, worms, trojans and malware; as well as numerous antivirus products like
Nowadays, every organization uses digital data storage and web applications to manage and update data. As internet usage increases, it is important to digitize everything
Armitage is a GUI for Metasploit which makes penetration testing easier. It was developed by Raphael Mudge. This tool helps to reduce the time and
With the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for such a purpose. However, a
Web Application Security: A Beginner’s Guide provides IT professionals with an actionable, rock-solid foundation in Web application security–from a complete overview of the tools and
During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing,
Web application security is a serious and important topic to discuss nowadays, since hacking attacks are common. There are hundreds and thousands of tutorials
1) Mexican Drug Gangs Kidnap Computer Hackers and Programmers Mexican drug trafficking organizations are increasingly demonstrating a desire to make money from cyber-crime, attracted by
Profile Subject: Michael Peters Michael Peters has been an independent information security consultant, executive, researcher and author, with more than 25 years of information technology
DarkComet used in Syrian Conflict? On February 17th, CNN published an interesting article in which some opponents of the Syrian regime claimed that the government was using
Jynx2 is the second installment in the LD_Preload Jynx Rootkit series first released October 19, 2011 at blackhatacademy.org. See references for earlier versions and additional information. Features: Hooks
Web based interfaces are convenient for managing networking equipment, but under no circumstances should these be open to the world and the internet. Many networks
In the previous article w3af walkthrough and tutorial Part 1 we looked at how to use the w3af console. We also learnt about the different
Clickjacking is one of the attacks most used by spammers on Facebook. Almost every month, we face a new type of clickjacking attack on
Another excellent publisher has offered up a generous sample of a book we’ve been talking about. This is Chapter 12 from Practical Malware Analysis – The
In this paper we will talk about an uncommon vector of SQL injections. This
Translating layer 2 local addresses to layer 3 globally routable addresses is the sole responsibility of the Address Resolution Protocol. ARP spoofing is a fun
Metasploit is a wonderful tool containing several exploits, giving the user an array of possibilities for penetration testing. It was designed to help the pen
Web Application vulnerabilities in social networking sites are very common these days. In this article, we will discuss a vulnerability found in social networking sites
w3af (Web Application audit and attack framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be