Oracle Injection: http://www.sqlinjectionwiki.com/Categories/3/oracle-sql-injection-cheat-sheet/ MySQL Injection: http://www.sqlinjectionwiki.com/Categories/2/mysql-sql-injection-cheat-sheet/ http://www.securiteam.com/securityreviews/5DP0N1P76E.html http://attack.samsclass.info/sqlol-raw/search-raw.htm https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
Monthly Archives: August 2016
Topology Discovery
The best way to discover the topology of a network is to run a topology discovery using NMAP. Examples: # nmap -sP 10.1.2.0/24. Now known as #nmap -sn 10.1.2.0/24. This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the host discovery […]
How to test firewalls for PCI-DSS compliance
Check Out Security Metrics: http://blog.securitymetrics.com/2014/07/configure-a-firewall-in-5-steps.html
HTTP Request Response Basics
HTTP: How It Is Built A request and a response. Request/response line, headers and a body. Lines delimited by the CRLF characters (0x0d, 0x0a) Browser → Server Specify the method: GET, POST, HEAD, OPTIONS, etc. Specify the location: a URL/URI (Unified Resource Locator/Identifier). Tell the server more stuff how you want the data: headers. Provide […]
What is fuzzing?
Fuzzing is when random data is thrown at a web application to see what happens next. A Security Fuzzer is a tool designed to provide random data (fuzzing testing) to an application and record the reaction of the application. In the context of web application testing, fuzzing means testing especially for buffer overflows, parameter validation […]
Side effects of automated testing
Automated security testing technologies can seriously damage the web applications they are used against. Therefore, it is often recommended to perform automated tests only against systems in demo, testing or pre-production environments. If you target a web application, which performs many database operations, such as updating or inserting new records, some of the following things […]