2017-10-11 17:08
I hope that most of you are already well-known with the information about the authentication. But let us mention the basics at least. The authentication is the simplest of all security mecha… Read More
Blog Directory > Technology Blogs > Gotowebsecurity technology Blog >
Gotowebsecurity Blog
gotowebsecurity.com
Tags:
web application
cissp module
web application server
application architecture
tool
management
customized web attacks
toolkitadditional tools
hijack
vendors software vulnerabilities
GotoWebsecurity is an independent blog providing free Internet security tips, mobile phone security tips and Cyber security tips to make you self protected.
2017-10-08 03:46
Let’s start with the explanation of the session management role. This mechanism is a fundamental security component in the majority of web apps. It enables the application to uniquely… Read More
2017-10-04 03:55
As we are already well introduced, any kind of web app is depending on the other layers of the technology stack which support it, and also including the application or the web server, networ… Read More
2017-09-30 02:16
All the attack techniques we described so far involved interacting with a live running app and have largely consisted of submitting the crafted input to the application and monitoring its re… Read More
2017-09-24 06:20
We won’t introduce any new vulnerabilities we haven’t talked about already. We will here examine one key element in the effective methodology for hacking web apps. It will be all… Read More
2017-09-19 16:11
We will start this topic by saying that the web app architecture is the important area of the security which is frequently overlooked when the security individual apps are appraised. The tie… Read More
2017-09-17 07:09
Essentially, when a developer writes code it is the everyday equivalent of writing a letter to the internet, more often than not that letter has the ability to unlock sensitive consumer info… Read More
2017-09-12 14:25
There are some attacks on the web app which can be performed using only a standard web browser. Although, most of them require you to use some kind of the additional tools. Those tools opera… Read More
2017-09-10 08:20
We came to an end of the CISSP tutorial! Let’s take a look what we learned in our CISSP training online! The 8 domains of CISSP: -In chapter 1 we learned about Security and Risk [...]… Read More
2017-09-09 13:10
With what intention was Zero Day Initiative (ZDI) created, have you asked yourself? It isn’t hard to guess that it is made to make the whole Internet security better. Of course, also f… Read More
2017-09-09 08:59
Today, we will describe the ways in which you can extract the further information from the app during an actual attack. Well, this actually mainly involves interfacing with the app in the un… Read More
2017-09-08 01:42
We talked about many different kinds of attacks. All of them have the same strategy-direct targeting the server-side application. But, the attacks that we are going to describe now fall unde… Read More
2017-09-03 09:14
We will introduce you now with server and application mapping tools. I will try to make it all clear for you, and I know that you will understand this process after you get some knowledge [… Read More
2017-09-02 04:08
We all heard already that the compiled software which runs in a native execution environment has historically been plagued by vulnerabilities such as buffer overflows and format string bugs… Read More
2017-08-30 18:01
In our previous chapter of CISSP training online, we learned about incident response, the forensics, types of evidence, Spared and RAID, clustering, and the web farms, backups, additional da… Read More
2017-08-27 08:18
Congratulations! We came to the Module 07! We are done with more than a half, and are coming to an end with CISSP online training! In Module 06, you’ve learned about vulnerability and… Read More
2017-08-24 07:56
There are several different encoding schemes which web apps use for their data encoding. As we know, HTTP and HTML protocols are text-based. In that purpose, the different encoding schemes a… Read More
2017-08-20 01:57
Let us continue our CISSP course together! In the previous Module, Module 05, we learned about ID, defining identity and access, core security requirements, access control models, authentica… Read More
2017-08-17 16:50
This is the full name of the protocol best know as HTTP. Let’s start with an explanation why is it used. It is used to access the World Wide Web and is also used by [...]
The post Core… Read More
2017-08-17 02:13
In the previous module of CISSP tutorial (Module 04), we talked about OSI Model, TCP/IP Model, common attacks, firewall, proxies and NAT, WAN, Wireless and Cloud Computing. We hope your CISS… Read More
2017-08-15 05:47
Anyone who is going to design the app needs to think about its proper security measures that need to be taken because it will in the most cases been attacked by dedicated and very skilled [… Read More
2017-08-13 04:03
For wireless hacking we will first of all put our wireless card into monitor mode and the command is – airmon -ng start wlan0 We can check that it has been started by doing ifconfig. [… Read More
2017-08-13 03:47
We are now continuing with our CISSP online training. In Module 03, we learned about trusted computing, computer architecture or CPU, memory, security models and access, common architecture… Read More
2017-08-12 01:09
For this session,we will use a tool called ‘Security Onion’ which you can download from the internet. It has a whole host of reporting tools built into it so is quick to setup an… Read More
2017-08-07 15:38
The following steps will be taken to show buffer overflow – PREP Kali Linux Create envexec.sh and vuln.c files and make envexec.sh Executable – Open the command prompt and do &ls&hell…Read More
2017-08-07 15:30
In the previous Module, we talked about roles and responsibilities, clarification, the states of data, configuration management, right? We hope it went well for you, so we can go to the next… Read More
2017-08-06 07:17
In Module 01, we described you the CISSP course material which consist of terms and meanings of CIA and IAAA, Tenets of Secure Design, risks – its assessments, analysis and mitigation… Read More
2017-08-05 14:50
Interested in becoming a CISSP? Your path should begin when you enter the computer world. Every professional you can meet in this area would recommend you to take a look at least into the ce… Read More
2017-08-04 17:06
For this demo we have a Kali Linux machine and an Ubuntu server running version 16.04.1. We will log in to the Ubuntu server and see that all the necessary updates have been done and [...]
T… Read More
2017-07-31 14:20
It is very well known today that the cyberspace became more dangerous in the previous year, 2016, with so many malware attacks all over the globe. Cyber criminals did huge operations which i… Read More
2017-07-28 02:37
Man-in-the-middle Attack We will start session hijacking with man-in-the-middle and start capturing packets. Here our attacker machine is Kali Linux and the victim is a Windows 10 virtual ma… Read More
2017-07-25 13:45
This will be a complete guide for you how to migrate HTTP to HTTPS. There has never been a better time than now to think about moving your site to HTTPS, with the performance you [...]
The p… Read More
2017-07-19 14:39
While working with viruses and worms, there is a strong possibility that we ourselves get infected or cause a major outbreak. So, one should always work on either a virtual machine or a tota… Read More
2017-07-15 02:42
Creating a Trojan Horse For this we have taken two machines, one has Kali Linux on it and another is a Windows 10 virtual machine. First of all we create our malicious code using social [… Read More
2017-07-11 14:23
Cross-site Scripting Attack Open a web-browser and go to a vulnerable website. We will here again use DVWA on IP 45.55.133.158. Log in and change the security setting to low. Go to XSS tab… Read More
2017-07-11 11:08
As we all have already heard, and also seen, not only the big companies are the target of the ransomware attacks. Sometimes, the small companies are an easier target for them so they can fas… Read More
2017-07-08 14:42
Man-in-the-middle-attack The first thing we do in packet sniffing is initiate a man-in-the-middle attack so that all the traffic from the victim machine is routed through the attacker machin… Read More
2017-07-05 14:57
Here are the steps to perform denial of service – Download slowloris – Open a browser and Google ‘slowloris’. Click on the Github link. Click on slowloris. The code w… Read More
2017-07-02 02:04
In system hacking we will discuss the following tools – Hydra – It is a password dictionary attack tool. Armitage – It is the front end for the metasploit framework for exp… Read More
2017-06-28 16:22
Web Credential Harvester We can use social engineering tools on Kali Linux to create web credential harvester. They help us to create fake websites or emails which trick people to give their… Read More
2017-06-24 04:50
In this, first of all we will look at the default passwords. Open the browser, go to a search engine let’s say Google, and search for ‘default password lists’. We will find… Read More
2017-06-22 01:00
We will perform mobile penetration testing in this session. We have connected an IPhone and have a Windows 7 machine. We will use Fiddler for this which only runs on Windows which can… Read More
2017-06-21 15:07
What is Cryptography? Cryptography is practice and study of hiding information. In IT it is the practice of changing plain text into cypher text and vice versa. What is Cryptography in the I… Read More
2017-06-20 14:44
What is a Buffer Overflow? A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent m… Read More
2017-06-19 12:23
We will use a Cryptool Portal which has many tools for this session. This is a great tool to learn about different kinds of cryptography. Figure1. Cryptool Portal Cryptool 1 When we open it… Read More
2017-06-17 10:58
What is SQL Injection? SQL Injection is a web hacking technique used commonly to place malicious code in SQL statements. Most web applications connect to some sort of backend database, wheth… Read More
2017-06-14 15:44
Database Concepts A database is a collection of data. Companies, enterprises, websites and many other store their data and other useful information in the database. It may be the information… Read More
2017-06-11 03:21
What are IDS, Firewall and Honeypot? Firewall – A firewall is a network security device that monitors traffic to or from your network. It allows or blocks traffic based on a def… Read More
2017-06-10 05:02
What are Mobile Platforms? Figure1. Mobile Platforms Android – It is the biggest and by far most popular. So it is also the biggest target. iOS – The next biggest p… Read More
2017-06-08 17:06
Every minute, an innocent internet surfer is the victim of malicious cyber-attacks, it for these reasons that internet security tips are essential. With infinite possibilities and unknown lo… Read More
2017-06-05 15:45
What are Wireless Concepts? Figure1. Wireless Concepts Extension to the Wired LAN – The wireless network could be a standalone network or an extension of the wired LAN. The aim… Read More
2017-06-04 02:30
What is DOM based cross site scripting? Web developers are working hard round the clock to test websites for loopholes that can be exploited, and attackers are working hard to find vulnerabi… Read More
2017-06-03 01:11
With the ever growing threat to online security, it is important for developers to find relevant shortcomings in their code. A File path traversal also known as directory traversal is a type… Read More
2017-06-02 09:12
What are Web Server Vulnerabilities? Figure 1. Web Server Vulnerability Default settings – A lot of hacking of web servers happen as a result of system administrator leav… Read More
2017-05-31 16:29
What are Web Application Vulnerabilities? Figure 1. Web Application Vulnerabilities XSS – It is cross side scripting. It allows a malicious actor to embed a malicious script on a websi… Read More
2017-05-28 08:16
What is Clickjacking? How many times have you been redirected to a page you did not intentionally click on? Pop-ups, pages containing obscene images that randomly open up WebPages you didn&r&hell…Read More
2017-05-28 02:44
What is Session Hijacking? Figure 1. Session Hijacking Hijacking is a type of network security attack in which the attacker takes control of a communication – just as an airplane hijac… Read More
2017-05-27 07:34
What is Denial of Service? Figure 1. Denial of Service Denial of Service (DoS) is the interruption in an authorized user’s access to a computer network, typically one caused with malic… Read More
2017-05-26 14:50
What is Social Engineering? Figure 1. Social Engineering Social Engineering is the use of deception to manipulate individuals onto divulging confidential or personal information that may be… Read More
2017-05-25 15:00
In the wake of the increase in a number of cyber-attacks, ensuring online security has become absolutely essential. A necessity for every web page that holds sensitive user data and utilized… Read More
2017-05-25 00:06
Hacking android phones is the topic of the day and every teenager and a wannabee hacker is trying several ways to get into their buddies’ phones. Android phone hacking took a new turn… Read More
2017-05-23 15:06
What is Traffic / Packet Sniffing? Network traffic or Packet Sniffing is the interception and logging of network traffic as it passes over a computer network. If we look at the TCP/IP stack… Read More
2017-05-22 01:34
This module of Ethical hacking tutorial will discuss about Trojans Theory which covers what exactly are Trojans, how to create it, how to detect them and countermeasures for Trojans. &n&hell…Read More
2017-05-21 01:39
What is a Virus/ Worm? A virus is a type of malware that is capable of replicating by reproducing itself and spreads by user’s action and typically has a detrimental effect. The major… Read More
2017-05-20 04:21
What is this module about? This module is an overview of the last three phases. This is an introductory module to the rest of gaining access, maintaining access and covering tracks module th… Read More
2017-05-18 16:18
Welcome to third module of Ethical hacking course which discuss about Scanning theory. In our previous tutorial, we covered Footprinting Theory and now similarly we are going to talk about w… Read More
2017-05-17 18:10
In the session we are going to use two Kali Linux tools to explain FootPrinting. The first tool is – DNS Recon – It is a tool for DNS reconnaissance. You will not find it [...]
T… Read More
2017-05-16 14:05
“SQL Injection“, the terms itself refer to one kind of attack. When attackers execute malicious SQL statements affecting your website or any web application, it is termed ou… Read More
2017-05-14 15:49
What is FootPrinting? It is the first phase of a penetration test. It is also called reconnaissance. It allows a hacker to gain information about the target system. In this segment, we… Read More
2017-05-13 06:40
What is Enumeration? Enumeration is the third phase of a penetration test. The ultimate purpose of enumeration is to get even more information about the target system and things such as rout… Read More
2017-05-08 16:00
Trojan! We only can relate two things by this name. One is the ancient Greek war vehicle, and the other is the vicious malware of modern age. However, this article is not about the ancient [… Read More
2017-05-07 14:10
Backporting is a technique used to apply a security fix to a older version of the software component using the parts of the newer version of same software component. In some cases the e… Read More
2017-05-06 03:04
Description: When applications throw detailed error messages or printstacktrace during the execution of a program then that application is considered to be vulnerable to system information l… Read More
2017-05-04 01:19
Description: Hardcoded password is nothing but a plaintext password used in the application source code as it is one of the easiest ways to use password for authentication as required to con… Read More
2017-05-02 02:42
The reliance on technology is boosting up. The threats are also going accordingly. What else may we face in the run? Well, there are different types of cyber attack that can break your devic… Read More
2017-04-28 12:28
SSL is secure socket layer, also normalized as TLS known as Transport Layer Security and it is mainly used for secure transmission of data between the client and server and in this article w… Read More
2017-04-28 12:25
Description: If applications do not enforce Http Strict Transport Security then there is a chance that sensitive data could be transmitted in clear text and those having access to the networ… Read More
2017-04-27 13:41
Follow my blog with Bloglovin Besides personal computer, smartphone has taken the place where almost anything can be done. Smartphone technology is getting so advanced that we do not… Read More
2017-04-25 14:37
Here we will talk about basic network security appliances. These appliances keep an eye on the traffic and alerts the administrator is anything wrong is detected. These devices play an impor… Read More
2017-04-25 14:36
Now we are going to discuss the methods through which we can ensure our network security. These methods can be either software or hardware based depending on the need and type of network. Th… Read More
2017-04-25 14:36
A wireless medium is vulnerable to various threats. Here we will discuss different kinds of threats and techniques to overcome them. There are the following Wireless Network Threats –… Read More
2017-04-25 14:35
In this sub module we will discuss about the importance of authentication and methods to achieve highest level of network security with ease of use. There are various techniques and protocol… Read More
2017-04-24 08:07
In this sub module we will discuss some more ways of wireless network security. Users can adopt one or more security measure to protect the information on a wireless network. Access Control… Read More
2017-04-22 14:04
While transmitting data over a network, there is always one issue that arrives often and that is security. In this module we will discuss about various security threats that may arise during… Read More
2017-04-22 04:35
Hello and welcome to phases of penetration testing. In this first module of Ethical Hacking, we will discuss the need of phases of penetration testing which is a standardised methodology tha… Read More
2017-04-20 04:27
Cross site scripting Attacks (XSS) is a client side attack and it occurs if the applications doesn’t validate external input. There are 3 types of Cross site scripting attacks: Reflect… Read More
2017-04-20 03:31
Malicious File Upload Description: If applications having file upload feature do not check for permissible file extension file size file content etc then those applications are having m… Read More
2017-04-20 03:15
Here we are going to discuss different methods and rationales for network performance optimization. There are different applications which can help improve the performance of the network. La… Read More
2017-04-19 10:01
Cross Site Request Forgery Description: It is also known as session riding or one click attack and sometimes pronounced as sea surf. If an application has this vulnerability… Read More
2017-04-16 05:31
Documentation is essential for maintaining the integrity and Network Management. It helps to get and insight about the performance of the network and maintain the integrity of the network. … Read More
2017-04-14 13:39
The number of cyber threats is increasing day-by-day. What happens when cyber criminals capture the entire database of an enterprise or a personal device? They either try to take control ove… Read More
2017-04-14 13:37
Here we will discuss how to use the appropriate resources to analyse network traffic. Analysing network traffic is very important to improvise the performance and take necessary steps to mak… Read More
2017-04-12 15:20
Maintaining cyber security is necessary for each and every one of us. The ubiquity of security tools and equipment let us make the cyber security strong enough. Why is it necessary to create… Read More
Subscribe to Gotowebsecurity
Get updates delivered right to your inbox!