Everything you need to know about the Bash Bug vulnerability
The Bash Bug vulnerability (CVE-2014-6271)
A new critical vulnerability, remotely exploitable, dubbed “Bash Bug”, is threatening billions of machines all over the world.
The vulnerability was discovered by the security researcher Stephane Chazelas at Akamai firm. It affects Linux and Unix command-line […]
To view Part I of the article series, please open: http://resources.infosecinstitute.com/website-hacking-101/
To view Part II of the article series, please open: http://resources.infosecinstitute.com/website-hacking-101-part-ii/
In this part of the Website Hacking 101 series, we are going to discuss controlling access to directories (if access is not controlled by key directories like include/includes, the […]
By their nature, business endeavors involve various elements of risk. These elements may include technological, commercial, legal, financial, and environmental risks.
As technologies evolve, businesses become global and regulations more pervasive, the level of risks facing organizations grows exponentially and the challenges become ever more complex.
Organizations have long sought frameworks […]
Ted is an application developer who lost his job in the IT sector due to company downsizing.
Ted was displeased at being laid off just before Christmas, and expressed his displeasure by launching a systematic attack on his former company’s network.
Three weeks following his termination, the insider used the username […]
In the past, many popular websites have been hacked. Hackers are now active and always try to hack websites and leak data. This is why security testing of web applications is very important. And here comes the role of web application security scanners. Web Application Security Scanner is a […]
Now that we’re well into the second decade of the 21st century, mobile computing technology and the increasingly ubiquitous nature of the Internet have been making strides into even more facets of our lives. Many refrigerators, cars, and other machines which became prevalent throughout the 20th century now come […]
1. What is an Acceptable Use Policy?
An Acceptable Use Policy (henceforward mentioned as “AUP”) is agreement between two or more parties to a computer network community, expressing in writing their intent to adhere to certain standards of behaviour with respect to the proper usage of specific hardware & software […]
But there’s no Santa Claus. I do indeed have a sanity clause, though.
Intelligence agencies and private security researchers in the United States, the United Kingdom, and other countries have had reason to suspect that the Chinese government may be spying on individuals, corporations, and governments by selling Huawei and […]
This is the fourth part of our Nmap Cheat Sheet. Here we will discuss more about firewall scanning, IDS/IPS Evasion, web server pen testing, etc. Before that, we should know some basics about firewall so that it will easy to bypass it.
What is a Firewall?
A firewall is nothing but […]
The goal for this article is a sprint from never using Docker to using it to deploy a GUI application that only has a console deployment pattern for Docker.
Why would you want to Dockerize your application? Several reasons. LXC is certainly more powerful, but it also requires significantly more […]
What is Parameterized SQL Query? It is used for better performance, high efficiency and prevention of SQL injection vulnerability. Before going further, let us have a brief introduction to SQL injection.
SQL injection is a very popular and common web application vulnerability caused by improper handling of input data and […]
Application vulnerability is caused when a developer fails to sanitize the input from user and blindly uses it as an input for further data processing. One of the major parts of an application development is to validate user input data and pass it through proper sanitization and escaping.
What is […]
On September 9th, during Apple’s iPhone press event, the corporation announced a few new products, of which you’re probably already aware of. Two new iPhones to catch up with innovations that debuted with high end Android smartphones (such as the “phablet” form factor), an Apple Watch (surprisingly not called […]
The cloud has been around for some time now and is still gaining popularity in every day operations of IT companies. I’ve seen different companies with operational models 90% based on cloud services, where the rest of the 10% is constituted of in-house servers. The basic response after asking […]
Every day, our digital identity is menaced by several cyber threats that are becoming even more sophisticated. Every year, data breaches expose million of records that are used by cyber criminals for illegal activities. Particular attention is given to medical records, a specific type of data that is attracting […]
CAPTCHA has been implemented for decades to prevent automated scripts (Bots) from jamming registration or login pages. Even though tons of tools and research have exposed its weakness with the ability to reverse the image into plain text, plenty of insecure images are still out there being used on […]
In this article, we will learn how sensitive cryptographic key material can be taken away from DRAMs, which are used in most modern operating systems through an attack known as cold boot attack.
Though it is believed by many that a computer’s memory gets erased as soon it loses power […]
- Ge! Stop! What’s Segmentation?
The 80186 is a faster version of the 8086. It also has a 20-bit address bus and 16-bit data bus, but has an improved instruction set. The 80186 was never widely used in computer systems.
The real successor to the 8086 is the 80286, which […]
According to the technology market intelligence company “ABI Research”, there are currently more than 10 billion wirelessly connected devices. In 2030, the number of these devices will reach 30 billion. Some of these 30 billion will fall within the category of sleep-tracking devices.
A clear indication for the potential […]
Every organization should follow a proactive rather than a reactive approach to protect against threats, risks and vulnerabilities, to which if their IT infrastructure is exposed can lead to data loss, regulatory penalties, and lawsuits and damaged reputation. Moving on the same lines, to reduce the credit card fraud […]