What are the two phases of Web Application Security testing?

Passive and Active. In the passive mode, the tester tries to understand the application’s logic and plays with the application. Tools can be used for information gathering. For example, an HTTP proxy can be used to observe all the HTTP requests and responses. At the end of this phase, the tester should understand all the […]

What is Web Application Security Testing?

A security test is a method of evaluating the security of a computer system or network by methodically validating and verifying the effectiveness of application security controls. A web application security test focuses only on evaluating the security of a web application. The process involves an active analysis of the application for any weaknesses, technical […]

IPv4 Header

The IPv4 Header. The artist of these precise drawings is Matt Baxter. I found these images back in 2010 while I was still a student at NYU. All credit to Matt Baxter.

Scenario: An employee’s computer has been sending out spam …

A while back, the IT Help Desk received a number of complaints that one of the employees’ computers was sending out Viagra spam. They checked it out, and the reports were true: a hacker had installed a program on the computer that made it automatically send out tons of spam email without the computer owner’s […]

Scenario: Someone used their Yahoo account at work…

Someone used their Yahoo account at a computer lab. She made sure her Yahoo account was no longer open in the browser window before leaving the lab. Someone came in behind her and used the same browser to re-access her account. They started sending emails from it and caused all sorts of mayhem. Question: What […]

Scenario: A friend sends an e-card to your work email…

A friend sends an electronic e-greeting card (e-card) to your work email. You need to click on the attachment to see the card. What should you do? Answer: Delete the message: This one has four big risks: 1. Some attachments contain viruses or other malicious programs, so just in general, it’s risky to open unknown […]

Scenario: You receive the following email from the Help Desk…

You receive the following email from the Help Desk: Dear Email User, Beginning next week, we will be deleting all inactive email accounts in order to create space for more users. You are required to send the following information in order to continue using your email account. If we do not receive this information from […]
