Fuzzing is the practice of sending random or malformed data to a web application and observing how it reacts. A security fuzzer is a tool designed to generate that random data (fuzz testing), feed it to an application, and record the application's response. In the context of web application testing, fuzzing means testing especially for buffer overflows, parameter validation […]
Category: Web application security
Side effects of automated testing
Automated security testing technologies can seriously damage the web applications they are run against. It is therefore often recommended to perform automated tests only against systems in demo, testing or pre-production environments. If you target a web application that performs many database operations, such as updating or inserting new records, some of the following things […]
What are some web application vulnerability assessment tools and frameworks?
Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can […]
What is Nikto2?
Nikto is an Open Source (GPL) web server scanner which can check for more than 6,700 potentially dangerous files or programs, for outdated versions of more than 1,250 servers, and for version-specific issues on more than 270 servers. Additionally, it will look at server configuration concerns such as multiple index files and various HTTP server […]
What is OpenVAS?
OpenVAS is a vulnerability scanner. It is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. It is open source and it is free. Click here for instructions on installing OpenVAS in Kali. The installation process worked for me as of 6/29/2016 although it required more […]
What is Burp Suite?
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp Suite has a large array of features, including but not limited to: […]
What is CSRF or XSRF?
Cross-Site Request Forgery, usually abbreviated CSRF or XSRF, and sometimes pronounced like “sea surf”, is an exploit which takes advantage of the trusted relationship between a user’s browser and a web application. Essentially, given certain conditions, an attacker is able to trick a user into unknowingly performing a sensitive action (such as transferring money from […]
Tools That Should Be In Your Infosec Toolbox
Reference: http://www.proactiverisk.com/tools/ DISCLAIMER The following list of URLs is a collection of resources broken down by category. The resources are numbered for tracking purposes only and are otherwise in no particular order. Breach Laws: State Breach Laws. Hardening Guides, Windows: CIS Security Benchmarks for Windows, NSA Security Configuration Guides for Windows, Microsoft Baseline Security Analyzer, Microsoft PC Security, Secunia Personal […]