Category: System security

Category: System security

Gathering Penetration Testing Intelligence from Network and Application Platform Configuration
June 1, 2021 Cyber defense, cybersecurity, Elearning, Online security, Penetration testing, Pentest, System security, Web frameworks admin

Network configuration refers to the process of setting a network’s controls, flow, and operation to support the network infrastructure of an organization or for an individual owner. Components of a computing network include Internet/network protocols, software or application, firewall, routers, and others that perform related tasks. Most network configurations are designed to meet communication objectives.

Read More
Security Implication of Web Frameworks
May 18, 2021 Cyber defense, cybersecurity, Elearning, Online security, Penetration testing, Pentest, System security, Web frameworks admin

Web application frameworks provide a structure for building and developing applications through the provision of predefined classes, modules, and functions. The predefined classes and modules help to manage system hardware, software and to manage the streamlining of the application development process. The framework in this discussion includes application frameworks such as Angular.js or Django and

Read More
How to Use Robots.txt File to Gather Intelligence for Penetration Testing
April 27, 2021 Cyber defense, cybersecurity, Online security, Penetration testing, Pentest, System security admin

In the head section of web documents, there is meta-information used to describe the page, including helping search engines categorize the page. The meta-information that is of utmost importance to the discussion is the meta information for robots that refers to the robots.txt file. What is the robot.txt file? The roborts.txt is a file that

Read More
Gathering Information for Penetration Testing Using Search Engines Discovery and OWASP ZAP
April 20, 2021 Cyber defense, cybersecurity, Online security, Penetration testing, System security admin

Using a search engine discovery is another great option for gathering intelligence about a penetration testing target. A search engine query can be direct or indirect. The direct method is where the search engine can be sued to dig into the indexes and contents from caches. The indirect method is where sensitive information such as

Read More
Penetration Testing Information Gathering for Web Server Fingerprinting
April 15, 2021 Cyber defense, cybersecurity, Online security, Penetration testing, System security admin

Penetration has a standard life cycle, which includes intelligence gathering or reconnaissance, scanning, threat modeling & vulnerability identification, exploitation, Post Exploitation, clean up, and reporting. Different projects may rearrange the stages in different ways, but whichever they rearrange, you have to know that there are standard things to be done and in certain ways. For

Read More
Approaches to Penetration Testing
April 7, 2021 Cyber defense, cybersecurity, Elearning, Online security, Penetration testing, System security admin

The need to discuss testing is borne out of the desire to ensure the safe and secure use of the software. Almost everyone that has access to the internet uses some software or the other. The pandemic era has even made the use of computer software more prevalent than any other time since the origin

Read More
Tool Selection for Penetration Testing
March 23, 2021 cybersecurity, Online security, System security admin

There are several types of tools for penetration testing. The number of available tools is so many that it will be practically impossible to learn all of them. Using the wrong set of tools can be a problem because the pen tester would have wasted so much time trying to gather the wrong information. As

Read More