Category: Online security
Category: Online security
Gathering Penetration Testing Intelligence from Network and Application Platform Configuration
Network configuration refers to the process of setting a network’s controls, flow, and operation to support the network infrastructure of an organization or for an individual owner. Components of a computing network include Internet/network protocols, software or application, firewall, routers, and others that perform related tasks. Most network configurations are designed to meet communication objectives.
Read MoreSecurity Implication of Web Frameworks
Web application frameworks provide a structure for building and developing applications through the provision of predefined classes, modules, and functions. The predefined classes and modules help to manage system hardware, software and to manage the streamlining of the application development process. The framework in this discussion includes application frameworks such as Angular.js or Django and
Read MoreHow to Use Robots.txt File to Gather Intelligence for Penetration Testing
In the head section of web documents, there is meta-information used to describe the page, including helping search engines categorize the page. The meta-information that is of utmost importance to the discussion is the meta information for robots that refers to the robots.txt file. What is the robot.txt file? The roborts.txt is a file that
Read MoreGathering Information for Penetration Testing Using Search Engines Discovery and OWASP ZAP
Using a search engine discovery is another great option for gathering intelligence about a penetration testing target. A search engine query can be direct or indirect. The direct method is where the search engine can be sued to dig into the indexes and contents from caches. The indirect method is where sensitive information such as
Read MorePenetration Testing Information Gathering for Web Server Fingerprinting
Penetration has a standard life cycle, which includes intelligence gathering or reconnaissance, scanning, threat modeling & vulnerability identification, exploitation, Post Exploitation, clean up, and reporting. Different projects may rearrange the stages in different ways, but whichever they rearrange, you have to know that there are standard things to be done and in certain ways. For
Read MoreApproaches to Penetration Testing
The need to discuss testing is borne out of the desire to ensure the safe and secure use of the software. Almost everyone that has access to the internet uses some software or the other. The pandemic era has even made the use of computer software more prevalent than any other time since the origin
Read MoreTool Selection for Penetration Testing
There are several types of tools for penetration testing. The number of available tools is so many that it will be practically impossible to learn all of them. Using the wrong set of tools can be a problem because the pen tester would have wasted so much time trying to gather the wrong information. As
Read MoreSelection of Tools for Penetration Testing
There are several types of tools for penetration testing. The number of available tools is so many that it will be practically impossible to learn all of them. Using the wrong set of tools can be a problem because the pen tester would have wasted so much time trying to gather the wrong information. As
Read MorePlanning for Penetration Testing
In the last episode, I described the need to test your systems to assess if it has any vulnerability, and then use the report to fix up and patch the crucial areas of importance. Penetration testing is also referred to as ethical hacking. Though both refer to the same concept, there is a difference between
Read More- 1
- 2
