What you need to know about performing authenticated network security scans

Reference: Acunetix Authenticated testing can add a lot of value to your overall security assessment results.  You’ll find a lot more missing patches, weak share permissions, and general misconfigurations.  But before you start testing with authentication, there are a few things you need to know: Authenticated scans will give you give you a ton of […]

Read More

Tools used to test for SQL Injection

Reference: OWASP Testing for SQL Injection OWASP SQLiX Sqlninja: a SQL Server Injection & Takeover Tool – http://sqlninja.sourceforge.net Bernardo Damele A. G.: sqlmap, automatic SQL injection tool – http://sqlmap.org/ Absinthe 1.1 (formerly SQLSqueal) – http://sourceforge.net/projects/absinthe/ SQLInjector – Uses inference techniques to extract data and determine the backend database server. http://www.databasesecurity.com/sql-injector.htm Bsqlbf-v2: A perl script allows […]

Read More

Open Source Black Box Testing tools

Reference: OWASP General Testing OWASP ZAP The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to […]

Read More

Some ways to use free tools

use Owasp ZAP or Webscarab for their proxy functionality. use Nikto and W3AF to scan web applications. use SQLMap to exploit SQL injections vulnerabilities. use XSSer to detect and exploit XSS vulnerabilities. use Powefuzzer to fuzz parameters use online encoder/decoders use DirBuster to find hidden resources

Read More

Tools that pair their services with browsers

Burp Suite pairs with OWASP Webgoat with your browser pointing to: localhost:8080/WebGoat/attack The Nessus service pairs with your browser pointing to: https://127.0.0.1:8834 OpenVAS pairs with the Greenbone Security Assistant, with your browser pointing to https://127.0.0.1:9392  

Read More

What are some common security threats?

Common Security Threats DoS (Denial of Service) – A DoS attack is a common type of attack in which false requests to a server overload it to the point that it is unable to handle valid requests, cause it to reset, or shut it down completely. There are many different types of DoS attacks including […]

Read More

What are some common networking protocols?

Common Networking Protocols TCP – TCP breaks data into manageable packets and tracks information such as source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data. IP – This is a connectionless protocol, which means that a session is not created before sending data. IP […]

Read More

How do you provide confidentiality with encryption?

Providing Confidentiality with Encryption Confidentiality ensures that data is only viewable by authorized users. Encryption provides confidentiality of data, including data at rest (any type of data stored on disk) and data in transit (any type of transmitted data). Symmetric encryption uses the same key to encrypt and decrypt data. As an example, Remote Authentication […]

Read More