What is fuzzing?

Fuzzing is the practice of sending random or malformed data to a web application and observing how it responds. A security fuzzer is a tool designed to feed such data to an application (fuzz testing) and record the application's reaction. In the context of web application testing, fuzzing means testing especially for buffer overflows, parameter validation […]

Side effects of automated testing

Automated security testing tools can seriously damage the web applications they are run against. It is therefore usually recommended to run automated tests only against systems in demo, testing or pre-production environments. If you target a web application that performs many database operations, such as updating or inserting records, some of the following things […]

What is Nikto2?

Nikto is an Open Source (GPL) web server scanner which can check for more than 6,700 potentially dangerous files or programs, for outdated versions of more than 1,250 servers, and for version-specific issues on more than 270 servers. Additionally, it will look at server configuration concerns such as multiple index files and various HTTP server […]

What is OpenVAS?

OpenVAS is a vulnerability scanner.  It is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.  It is open source and it is free. Click here for instructions on installing OpenVAS in Kali. The installation process worked for me as of 6/29/2016 although it required more […]

What is Burp Suite?

Burp Suite is an integrated platform for performing security testing of web applications.  Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp Suite has a large array of features, including but not limited to: […]

What is CSRF or XSRF?

Cross-Site Request Forgery, usually abbreviated CSRF or XSRF, and sometimes pronounced like “sea surf”, is an exploit which takes advantage of the trusted relationship between a user’s browser and a web application. Essentially, given certain conditions, an attacker is able to trick a user into unknowingly performing a sensitive action (such as transferring money from […]

Tools That Should Be In Your Infosec Toolbox

Reference: http://www.proactiverisk.com/tools/

DISCLAIMER: The following list of URLs is a collection of resources broken down by category. The resources are numbered in no particular order except for tracking purposes.

Breach Laws: State Breach Laws

Hardening Guides, Windows: CIS Security Benchmarks for Windows; NSA Security Configuration Guides for Windows; Microsoft Baseline Security Analyzer; Microsoft PC Security; Secunia Personal […]
