Continuing on our previous article Comprehensive list of Software Testing Types | Agile, Acceptance, Beta & Ad-hoc are NOT the Testing Types, let's deep dive into the world of different Testing Types. (Hope you have gone through the basics Attention! Get your facts clear before facing an ...
Suppose you have a page hosted on a.com and it uses JSONP to access services provided by b.org. This involves placing 100% trust in b.org. If b.org is malicious or buggy, it can subvert the security of the embedding page and all of the a.com origin. This kind of excess trust is dangerous from a se...
The SQL Database TCP port 1433.
mssql_ping
Setting the RHOSTS option, we can get information about the database, including version information, server name, etc.
mssql_login
Setting the options RHOSTS, PASS_FILE, VERBOSE we can brute-force attack the target for valid credentials. If the server is misco...
You know the routine: you get a gig doing a web app pen test. You break out Burp (or whatever lesser proxy you prefer), and get ready to ruin some developer's day. And then, just as you get ready to load the target URL and start, you see a ton of update requests hit the proxy.
It's annoying....
Hack in the Box.
Their entrance exam is really straightforward and it still stuck me. Too many months pretending I'm not a pentester gave me brain lock when I hit it. I did the basics, I viewed source, tracked down something that looked super important, inviteapi.min.js. Just from the filename I knew...
Honeypots stick it to the hackers
You don't have to be Winnie The Pooh to find a honeypot irresistible: hackers are also liable to get their heads stuck. Security advisers are exploiting cyber criminals' liking for a soft target by setting up deliberate deception scenarios for instanc...
Just as a professional athlete doesn't show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either. The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, ...
PenTest: Get to Know Yourself Before Others Do
With multi-tier network architectures, web services, custom applications, and heterogeneous server platform environments, keeping data assets secure is more difficult than ever. Coupled with this complexity is the fact that criminal organizations have o...
A comprehensive pentest methodology which quickly and cost-effectively assesses the security posture of a vessel even while it is underway, has been launched by Cyprus-based cyber security specialist Epsco-Ra Security Systems. Known as RASP (Rapid Attack Simulation PenTest), the process provides a d...