Category: Online security
Category: Online security
Use Defensive Cybersecurity to Mitigate Cyber attack
Wired.com reported that the Kaseya was warned by the Dutch Institute for Vulnerability Disclosure that there was a potential vulnerability in its system. In this case, Kaseya did not ignore the warning, but Kaseya did not move first to patch up the exposure. The impact of this attack on Kaseya is enormous because it is
Read MoreThe Human Factor in a Ransomware Attack Part-2
Kaspersky Lab conducted a study to determine what role employees play in a business’s fight against cybercrime. The study used over 5,000 businesses around the globe and found out that (52%) of the businesses surveyed believed they are at risk from within and that their employees either intentionally put the businesses at risk or are
Read MoreGathering Penetration Testing Intelligence from Network and Application Platform Configuration
Network configuration refers to the process of setting a network’s controls, flow, and operation to support the network infrastructure of an organization or for an individual owner. Components of a computing network include Internet/network protocols, software or application, firewall, routers, and others that perform related tasks. Most network configurations are designed to meet communication objectives.
Read MoreSecurity Implication of Web Frameworks
Web application frameworks provide a structure for building and developing applications through the provision of predefined classes, modules, and functions. The predefined classes and modules help to manage system hardware, software and to manage the streamlining of the application development process. The framework in this discussion includes application frameworks such as Angular.js or Django and
Read MoreHow to Use Robots.txt File to Gather Intelligence for Penetration Testing
In the head section of web documents, there is meta-information used to describe the page, including helping search engines categorize the page. The meta-information that is of utmost importance to the discussion is the meta information for robots that refers to the robots.txt file. What is the robot.txt file? The roborts.txt is a file that
Read MoreGathering Information for Penetration Testing Using Search Engines Discovery and OWASP ZAP
Using a search engine discovery is another great option for gathering intelligence about a penetration testing target. A search engine query can be direct or indirect. The direct method is where the search engine can be sued to dig into the indexes and contents from caches. The indirect method is where sensitive information such as
Read MorePenetration Testing Information Gathering for Web Server Fingerprinting
Penetration has a standard life cycle, which includes intelligence gathering or reconnaissance, scanning, threat modeling & vulnerability identification, exploitation, Post Exploitation, clean up, and reporting. Different projects may rearrange the stages in different ways, but whichever they rearrange, you have to know that there are standard things to be done and in certain ways. For
Read MoreApproaches to Penetration Testing
The need to discuss testing is borne out of the desire to ensure the safe and secure use of the software. Almost everyone that has access to the internet uses some software or the other. The pandemic era has even made the use of computer software more prevalent than any other time since the origin
Read MoreTool Selection for Penetration Testing
There are several types of tools for penetration testing. The number of available tools is so many that it will be practically impossible to learn all of them. Using the wrong set of tools can be a problem because the pen tester would have wasted so much time trying to gather the wrong information. As
Read More- 1
- 2