In the first part of SSL attacks, we have seen details about two attacks, namely BEAST (browser exploit against SSL/TLS attack) and SSL renegotiation attack. In this second part, we are going to deal with CRIME, TIME, and Lucky13 attacks. Let us proceed further and try to understand each […]
Android Application Penetration Testing: Setting up, Certificate Installation and GoatDroid Installation
To begin with mobile application penetration testing on the Android platform, we have multiple tools available that can be easily downloaded and installed to prepare the testing environment. These tools will help us to set up a virtual device serving as a smartphone using Android and the mobile application […]
Metasploit Framework, the Metasploit Project’s best-known creation, is a software platform for developing, testing, and executing exploits. It can be used to create security testing tools and exploit modules and also as a penetration testing system. It was originally created as a portable network tool in 2003 by HD […]
Clickjacking or the UI redress attack is a relatively new type of malicious attack that targets mainly web applications. It works by superimposing a webpage over another existing web page using an iframe, and the user interacts with the malicious superimposed page while presuming that he is interacting with […]
During penetration testing, sometimes you get stuck with a secure environment where all the servers and end-clients are fully patched, updated, firewalled, and have anti-virus software installed. Network firewall rules have been configured properly, and all internal clients are NATed to the Internet. A network-based IDS/IPS sensor is out […]
VulnVPN has been created by the author of http://www.rebootuser.com/ and I must say that it is a very good effort. The goal is to gain root access to a VPN server, and this article will take you through each step of the process.
Setting up VulnVPN and Backtrack
VulnVPN download link: […]
The Tor network is an anonymizing network that allows people to browse the web and access other services without being traced. As part of this network, there is the so-called “darknet,” servers accessible only through Tor, which host a variety of services from forums to e-mail.
It does this by […]
All systems and database administrators will agree that password complexity does not go very far when it comes to SQL servers. Whether this is done to keep troubleshooting simple for support staff or it is simply a matter of underestimating the risks, it doesn’t really matter. What matters is […]
In the previous article, we discussed the importance of manual web services penetration testing, how to perform a manual test using SOA Client, how SOA client helps us in most cases, and what the restrictions are that require us to choose other options.
In this article, we will find the […]
In the previous article, we discussed the automated tools available for testing web services, how to automate web services penetration testing using different automated tools, and also why the automation of web services penetration test is not sufficient and manual testing is needed.
In this article, we will focus on […]
We live in a world where we’re connected to each other by a mouse click and a few keystrokes. It’s a revolution that changed the way we live our lives and run our businesses. It affects us in ways that we had never imagined before.
The internet gave us the […]
Microsoft Windows 7 is much more secure than Microsoft Windows XP. The Windows XP operating system has lots of OS vulnerabilities and the malware infection rate is also very high compared to other operating systems. According to the Microsoft Security Intelligence Report, which details in depth the state of […]
In previous posts, I discussed a few browser extensions for Firefox and Chrome that turn the browser into a penetration testing tool. But what if you could get a browser with all those security extensions built in? Yes, it is true. OWASP Mantra is a web browser that comes […]
In the previous article, we discussed the importance of tools in penetration testing, how automation helps in reducing time and effort, and how to automate web services penetration testing using soapUI Pro.
In this article, we will be focusing on what other options are available to automate web services penetration […]
This is a non-technical guide which will make you familiar with the transport layer. The main purpose of writing this guide is to point out why we need major security implementation on the transport layer. What if the components of this layer get compromised?
In today’s digital world, nearly every […]
The NSA FoxAcid Platform
Security expert Bruce Schneier is one of the most authoritative experts who revealed that the NSA has a wide-ranging arsenal of zero-day exploits to use for cyber operations. The revelation isn’t surprising; the security community is aware of the great effort spent by governments on cyber […]
Are you still looking for a suite of tools that may complete your day-to-day activities, or are you just looking for new tools that you can try or play with? No need to worry, because today is your lucky day! Today, I will be mentioning links, resources, and websites […]
Early this year we witnessed major IT firms suffering from data breaches of one kind or another, and they have come out in the open about the breaches, as well. A couple of examples are Apple and Twitter. It’s going to be costly if the enterprises play according to […]