The Payment Card Industry Data Security Standard (PCI- DSS) was developed to follow the policy and standards of cardholder data security which consistent data security measures globally. PCI- DSS provides a minimum of technical and operational requirements to protect data of the cardholders. PCI -DSS applies to all operation which involved in payment card processing […]

  INTRODUCTION: HTML injection is an attack which occurs in web applications that allows users to insert an HTML tag attributes via using any specific parameters like,  <h>, </h1>, <td>, <tr>, <a href> tags are used as one of the sources to perform this HTML based injection attack. These strategies provided with untrusted input, at […]

INTRODUCTION: PCI-DSS and ISO 27001 are organized in sets of requirements for the cardholder data process. PCI-DSS has 12 sets of elements; there are about 250 controls based on securing credit card information. In ISO 27001, there are 11 sets of elements with 114 controls based on improving an ISMS, planning, running, implementing, monitoring. In […]

  GDPR is the General Data Protection Regulation, adopted on April 27, 2016, and it will be valid from May 25, 2018. The GDPR replaces the EU’s Data Protection Directive, and this method is mainly used by European Union member’s to protect their Data.GDPR is primarily used to control the Data Breach, Data portability on […]

Cryptocurrency mining is a kind of digital currency which transfer across the internet, By using cryptocurrency mining people started to earn money in online In recent days many people began to make money by this process, where it calculates the hash rate for every payment for (e.g.) if you are transferring money through online the […]

Netcat is a computer network utility used for taking access, sending access, sending and receiving files over the internet using TCP and UDP connection. This tool is very famous for debugging the network and for investigation purpose. Netcat is also known as NC or swiss army knife. It is the most critical threat to network […]

INTRODUCTION: A web application is helpless against Cross Site Port Attack if it forms client provided URLs and does not disinfect the backend reaction got from remote servers previously sending it back to the client. The responses, in specific cases, can be concentrated to distinguish benefit accessibility (port status, flags and so forth.) and even […]

Introduction XML External Entity Attack is a type of injection or input validation vulnerability which occurs in an application that allows any input parameter or data to be XML input or input which is combined into XML form data, and it is passed to an XML parser running with sufficient privileges to include external or […]

Description Now a day’s modern websites and mobile apps are built through more web services with APIs. By using APIs and web services every application functions around intelligent platforms every day for performance, scale, offload, and reliability to so-called “single-page” websites and mobile applications. To protect the API certain protection should take like controlling API […]

What is Angular.js? Angular.js is an application name estranged into two parts Angular and .JS. Angular defined as the significant meaning of having one or more angles. As well, .js is an extension name of JavaScript, the platform for this framework. It is built on the belief that declarative programming should be used to create […]

Web application technology plays a major role in our regular daily activities like social networking, online shopping and transactions, emails, and other web browsing stuffs. Open Web Application Security Project (OWASP) has defined the major critical vulnerabilities that can affect the web technologies like web server, application, and frameworks used to build the application and […]

What are Apache Struts? Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. It favours convention over configuration, is extensible using a plugin architecture, and ships with plugins to support REST, AJAX, and JSON. What is CVE 2017-5638 Vulnerability? CVE 2017-5638 is a remote code execution bug that affects […]

Sparta is a Python based GUI application and it’s a network infrastructure pentesting tool by aiding the pentesters in performing scanning and enumeration phase. It saves time for every Security professionals by having tool point and displays all output in a convenient way Features: Run Nmap from Sparta or import Nmap XML output Transparent staged […]

Sn1per – a tool to automate the process of collecting data for the exploration and penetration testing. In their work sn1per involves such well-known tools like: amap, arachni, amap, cisco-torch, dnsenum, enum4linux, golismero, hydra, metasploit-framework, nbtscan, nmap smtp-user-enum, sqlmap, sslscan, theharvester, w3af, wapiti, whatweb, whois, nikto, wpscan and also sniper scans over by the following […]

Power Shell is a command line shell and powerful scripting language used on Windows computers. It has been around for more than 10 years, is used mainly by system administrators, and will replace the default command prompt on Windows in the future. Power Shell scripts are mostly used in legitimate administration work. They can also […]

ISO a non-governmental organization have played a key part in setting up a standard for every organization to perform better relating to its sectors. ISO governs and maintains organization standards with respect to Quality, Environment, Information Security, food and safety, Risk management, Energy management etc. Organizations and businesses will have some form of controls in […]

This section sorts the entries into the three high-level categories that were used in the 2009 Top 25:     Insecure Interaction Between Components     Risky Resource Management     Porous Defenses The Top 25 Vulnerability  are listed below in three categories: Software Vulnerability  Category: Insecure Interaction Between Components (6 errors) Software Vulnerability  Category: Risky Resource Management […]

DESCRIPTION: OS command injection is a technique used via a web interface in order to execute OS commands on a web server. The user supplies operating system commands through a web interface in order to execute OS commands. Any web interface that is not properly sanitized is subject to this exploit. With the ability to […]

DESCRIPTION: The software imports require or include executable functionality (such as a library) from a source that is outside of the intended control sphere. When including third-party functionality, such as a web widget, library, or another source of functionality, the software must effectively trust that functionality. Without sufficient protection mechanisms, the functionality could be malicious […]

DESCRIPTION: The program invokes a potentially dangerous function that could introduce vulnerability if it is used incorrectly, but the function can also be used safely. Certain functions can be dangerous if used incorrectly. Thread .stop() is such a function. Thread .stop() causes the thread to die immediately, which means it will not be able to […]

DESCRIPTION: The programs do not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries […]

DESCRIPTION: Unrestricted File Upload vulnerability is the ability to upload any type of file through an upload form into a website. This is a very high-security risk because a hacker can upload script/executable files (like .php, .exe etc.), which can then execute remotely and perform various actions, such as explore the file structure, retrieve sensitive […]

DESCRIPTION : This attack  a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. The integer variable is often used as an offset […]

  DESCRIPTION: Cross-site scripting (XSS) is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications. Data enters a Web application through an untrusted source, most frequently a web request. The data is included in dynamic content that is sent to a web user without being validated for malicious content. The malicious content […]

  DESCRIPTION: Cross-site request forgery (CSRF) is a weakness within a web application which is caused by insufficient or absent verification of the HTTP request origin. Web servers are usually designed to accept all requests and respond to them. If a client sends several HTTP requests within one or several sessions, it is impossible for […]

DESCRIPTION: Cross-site scripting (XSS) is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications. Data enters a Web application through an untrusted source, most frequently a web request. The data is included in dynamic content that is sent to a web user without being validated for malicious content. The malicious content sent […]

  Introduction Injection flaw occur when untrusted data is sent to an interpreter as part of a command or query. To explain in detail Injection flaw occurs when web application sends user-supplied data to other apps such as: Database, Operating System, LDAP, and Web Services, attacker “inject” their malicious code to run instead of actual […]

SQL injection is an attack when an attacker tries to “inject” his harmful/malicious SQL code into someone else’s database, and force that database to run his SQL. This could potentially ruin their database tables and even extract valuable or private information from their database tables. We will see how we can identify SQL injection using […]

A1 – Injection Injection vulnerabilities—such as to SQL, OS, or LDAP injection—occurs when a malicious hacker takes advantage of insecure web application by injecting commands into forms such as a input fields and then gain access to sensitive data which is stored in the web application’s backend database. A2 – Broken Authentication and Session Management […]

What is Encoding? Encoding is the process of converting data into a format required for a number of information processing needs. Web applications employ several different encoding schemes for their data. We will discuss few encoding schema as follows: URL Encoding Unicode Encoding HTML Encoding Base64 Encoding HEX Encoding URL Encoding When you pass information […]

In this blog, we will take a look at the headers recommended by the Open Web Application Security Project (OWASP). These headers can be utilized to actively increase the security of the web application. This blog tries to shed a light on both headers that actively increase security as well as headers that might have […]

What is HTTP? HTTP is an application layer protocol The default port for HTTP is 80 World Wide Web Consortium and the Internet Engineering Task Force, both coordinates in the standardization of the HTTP protocol The resources that can be requested by using HTTP protocol is made available with the help of a type of […]

Introduction: HTTP stands for “Hypertext Transfer Protocol“. The entire World Wide Web uses this protocol. It was established in the early 1990’s. Almost everything you see in your browser is transmitted to your computer over HTTP.  HTTP/1.1 is the version of HTTP in common use. HTTP is based on the client-server architecture model and a […]

What is DNS? DNS stands for domain name system, The Domain Name System (DNS) translates Internet domain and host names to IP addresses and vice versa. DNS automatically converts between the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites. Why is DNS important? When we […]

Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet. There are generally two types of vulnerabilities to be found on the Web: software vulnerabilities and misconfigurations. Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within […]

Every process has its own standards that need to follow to get better outcomes or results. Similarly, penetration testing has its own standards to follow. These standards defines the Methodology and measures that need to be taken before conducting the test What is penetration testing standards? Penetration testing standards are techniques generally set forth in […]

Penetration Testing is a method of testing the security of your organization’s infrastructure and architecture. If you are unfamiliar please view what is penetration testing? By analyzing the attacks in an organization there might be either internal threats or might be External one which may be different methods of Penetration testing What is External Penetration […]

Information technology is growing very fast since a decade simultaneously data breach, theft, information leaking has increased thus Information security was prioritized in every organization to secure their information. Information security has certain standards that need to be followed regularly among which SANS is one of the major contributors. SANS is information security standards that […]

OWASP is one of the standards that are followed by various security testing which includes Web Application, database, mobile etc. We have discussed various standards in our blogs if you need to know. OWASP has been a one among the standards that enhanced the security measures and methodology throughout the global organization.  WHY OWASP STANDARDS? […]

Penetration Testing is one of the main method or tests for creating a secured data and information in an organization You may be familiar with Penetration Testing. If not then please can go through what is Penetration testing? Penetration testing which is categorized as follows BLACK BOX TESTING GREY BOX TESTING WHITE BOX TESTING   […]

Penetration testing is one of the key tests for the security of the organization data and Information. Thus penetration testing is necessary You can look for what is Penetration testing?if you are not familiar with this Penetration Testing can be     Within 7 steps Preparation/pre-engagement interaction 1. Preparation / Pre-Engagement Interaction: Set an objective […]

Penetration Testing is a security testing which is used to test attacks and exploit the vulnerabilities to create safe and secure operations for information and data storage. We suggest reading on what is penetration testing? The main classification of penetration testing is • web application • mobile application • network • infrastructure There are different […]

In this blog, we will discuss some basics of SQL queries which will help us to understand how actually The database works based on the user input at the back end. Database Hierarchy Model: A users can have access to multiple databases, a database can have multiple tables and a table can have multiple records (i.e Columns) and […]

SQL INJECTION SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details. Fig1.1: SQL injection Type of […]