In the digital economy since the 1990s the internet started to boom, cell phone technology transformed to smartphones. Modern smartphones, regardless of iOS power or Android OS based, are the de facto world standard. As more and more people use smartphones and as you can see, its sales are outperforming the traditional pc and even
The Concepts and Philosophy of Red, Blue and Purple Team ideally work in perfect harmony with each other, as two hands that form the ability to clap. Like Yin and Yang or Attack and Defense, Red and Blue teams could not be more opposite in their tactics and behaviors, but these differences are precisely what
E-SPIN please to announce for the following latest round of the Immunity CANVAS and SILICA, CANVAS Exploitation Pack update and upgrade for the following related product lines compiled from the various technical resources for easy reading in one go: D2 Elliot Web Exploitation Framework 1.14, August 7 2018 D2 Elliot has been updated with 11
Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user’s Web application session while that session is still in progress. Types of Session Hijacking
What is SQL Injection? The most common type of hack attack seen these days, however, involves SQL injection. Attackers including hacktivists favor SQL injection attacks because they allow attackers to “inject” their own commands into databases. When databases aren’t configured to properly screen inputs for signs of attack, attackers have an easy-to-use, remote technique for obtaining any information
As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications – shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide
Is the exploitation of web vulnerabilities worth the trouble? Does it create unnecessary risks that should be avoided? Why exploit flaws anyway? This is not a black and white circumstance. Every situation is unique. But here’s what I know. The exploitation of web security flaws such as Cross-Site Scripting, SQL injection and Cross-Site request forgery is arguably the
How do you handle your web application testing, vulnerability scans, test data and related security assessment reports? I’ve found that this is something that doesn’t get a lot of attention in web application security circles but is still impactful to the business. It’s actually kind of ironic that those of us working in IT and security often forget
- 1
- 2