SQL Injection Links and Cheat Sheets

Oracle Injection:  http://www.sqlinjectionwiki.com/Categories/3/oracle-sql-injection-cheat-sheet/ MySQL Injection:  http://www.sqlinjectionwiki.com/Categories/2/mysql-sql-injection-cheat-sheet/ http://www.securiteam.com/securityreviews/5DP0N1P76E.html http://attack.samsclass.info/sqlol-raw/search-raw.htm https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/  

Read More

Topology Discovery

The best way to discover the topology of a network is to run a topology discovery using NMAP. Examples: # nmap -sP 10.1.2.0/24.  Now known as #nmap -sn 10.1.2.0/24.  This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the host discovery […]

Read More

HTTP Request Response Basics

HTTP: How It Is Built A request and a response. Request/response line, headers and a body. Lines delimited by the CRLF characters (0x0d, 0x0a) Browser → Server Specify the method: GET, POST, HEAD, OPTIONS, etc. Specify the location: a URL/URI (Unified Resource Locator/Identifier). Tell the server more stuff how you want the data: headers. Provide […]

Read More

What is fuzzing?

Fuzzing is when random data is thrown at a web application to see what happens next.  A Security Fuzzer is a tool designed to provide random data (fuzzing testing) to an application and record the reaction of the application. In the context of web application testing, fuzzing means testing especially for buffer overflows, parameter validation […]

Read More

Side effects of automated testing

Automated security testing technologies can seriously damage the web applications they are used against. Therefore, it is often recommended to perform automated tests only against systems in demo, testing or pre-production environments.  If you target a web application, which performs many database operations, such as updating or inserting new records, some of the following things […]

Read More