Clickjacking or the UI redress attack is a relatively new type of malicious attack that targets mainly web applications. It works by superimposing a webpage over another existing web page using an iframe, and the user interacts with the malicious superimposed page while presuming that he is interacting with […]
Supervisory control and data acquisition (SCADA) networks contain computers and software that perform critical tasks and provide essential services within critical infrastructure. They’re considered by cyber strategists to be the backbone of any country. Critical infrastructure, and in particular control systems, require protection from a variety of cyber threats […]
During penetration testing, sometimes you get stuck with a secure environment where all the servers and end-clients are fully patched, updated, firewalled, and have anti-virus software installed. Network firewall rules have been configured properly, and all internal clients are NATed to the Internet. A network-based IDS/IPS sensor is out […]
In the previous IDA Pro article, we took a look at the basics of reverse engineering source code and binary files. This article is devoted to cracking and byte patching a binary executable using IDA Pro with the intention of subverting various security constraints as well as […]
VulnVPN has been created by the author of http://www.rebootuser.com/ and I must say that it is a very good effort. The goal is to gain root access to a VPN server, and this article will take you through each step of the process.
Setting up VulnVPN and Backtrack
VulnVPN download link: […]
Introduction: Initial Detection/Mitigation Challenges
Before we go to the main topic of this article, let us take heed of two factors that hinder the buildup of effective defenses against Layer 7 DDoS attacks. First, the lack of knowledge about this matter leads an inexperienced IT security staff to take […]
Technology has changed the way that we work and operate; the flood of advances that we see daily is mind-boggling in its variety and quantity. While technological advances are necessary for the advancement of our race, they can also bring with them a slew of other problems.
The major culprit […]
This article illustrates these contents in detail:
The .NET Application
Obfuscated Code Analysis
MSIL Code Analysis
The purpose of this paper is to demystify .NET assembly obfuscation as a way to deter reverse engineering. The primary concern for organizations is typically protecting their source code (as intellectual property) from reverse […]
I’ve already discussed SSL in my previous article. Here I’ll be explaining SSLv3. It was developed by Netscape.
General SSL Architecture
It was designed to secure end-to-end services on the internet. I'll show that SSL isn't a single protocol. It's a layered stack of more than one protocol, such as: […]
The Tor network is an anonymizing network that allows people to browse the web and access other services without being traced. As part of this network, there is the so-called “darknet,” servers accessible only through Tor, which host a variety of services from forums to e-mail.
It does this by […]
All systems and database administrators will agree that password complexity does not go very far when it comes to SQL servers. Whether this is done to keep troubleshooting simple for support staff or it is simply a matter of underestimating the risks, it doesn’t really matter. What matters is […]
In the previous article, we discussed the importance of manual web services penetration testing, how to perform a manual test using SOA Client, how SOA client helps us in most cases, and what the restrictions are that require us to choose other options.
In this article, we will find the […]
In this article, we will look at some of the best practices an iOS developer should follow in order to make sure that their application is not easily exploitable by hackers.
Local Data Storage
It is extremely important for developers to know what kind of data they should be storing locally […]
Screenshot from ironic Daily Mail web page, credit http://ontoberlin.blogspot.ca/2013/07/three-concerns-about-camerons-porn-plans.html
It’s too easy for politicians to make promises. Throughout the 20th century and right through the 21st to the present day, politicians around the world have made promises in order to win elections or get re-elected that have ended up broken […]
In the previous article, we discussed the automated tools available for testing web services, how to automate web services penetration testing using different automated tools, and also why the automation of web services penetration test is not sufficient and manual testing is needed.
In this article, we will focus on […]
We live in a world where we’re connected to each other by a mouse click and a few keystrokes. It’s a revolution that changed the way we live our lives and run our businesses. It affects us in ways that we had never imagined before.
The internet gave us the […]
InfoSec Institute was recently awarded the Top 20 IT Training Company in 2013 distinction, for the 3rd year in a row. A much appreciated thank you goes out to every student that participated in the survey!
The organization behind the award, Training Industry, Inc., maintains a rigorous vetting process and surveys […]
Microsoft Windows 7 is much more secure than Microsoft Windows XP. The Windows XP operating system has lots of OS vulnerabilities and the malware infection rate is also very high compared to other operating systems. According to the Microsoft Security Intelligence Report, which details in depth the state of […]
In previous posts, I discussed a few browser extensions for Firefox and Chrome that turn the browser into a penetration testing tool. But what if you could get a browser with all those security extensions built in? Yes, it is true. OWASP Mantra is a web browser that comes […]
In the previous article, we discussed the importance of tools in penetration testing, how automation helps in reducing time and effort, and how to automate web services penetration testing using soapUI Pro.
In this article, we will be focusing on what other options are available to automate web services penetration […]