In your experience, what have you found, worked on, or encountered in terms of site vulnerabilities? And what actions did you take to mitigate these issues? This may include XSS (cross site scripting), SQL Injection attacks, plain old DDOS or phishing attempts on your site's customers. Only yesterday I came across an entire section of ...
As far as I can see the offerings fall into two categories – scanning services such as McAfee, Comodo, etc. and tools such as Burp Proxy, HP’s WebInspect,CodeScan, etc. In an ideal world, I’d use something that actively scanned a certain URL (the target being a LAMP stack) on a daily basis (or as required if it’s a standalone tool), bu...
Website security testing is an imp area of testing. How can we ensure the penetration of important info from HTTP request bucket? There are many tools which can show us http request bucket but how can we ensure penetration from it ? What should be techniques to test this area ? ...
I am in late testing phase of my web application. The application will be tested at a larger scale now. During this time I want to test my website against various types of known penetration tools. I am aware that it will be better to let a professional handle this subject, and this will be happening. But before I take that route I wan...
Could someone provide ideas how HTTP::Proxy module is compared to others proxies like paros and burp proxy and if someone use it during his work specifically if it used by the pen testing community for real job ...
Could someone provide links for tutorial about libwhisker library? ...
I thought the .ASPXAUTH was for user authentication? Can anyone confirm if this cookie is indeed a security risk and/or contains session information? Is it even suppose to be used or is it some debug thing? ...
Hi, I am planning to check my website against all common security vulnerabilities like cross site scripting ,sql injection etc. Can somebody tell me is there any automated tool which I can run for my .net web app and find all security flaws exist. I tried CAt.net but it is not able to support big apps. i saw abt owsap but againt it is a...
I have been interested in this for a while, Could anyone suggest any books on this topic? I have programming experience but nothing involving pentesting or web security. If the book required pre-requisite knowledge please say so! Thanks! ...
Im interested in learning penetration testing, but I have no idea where to begin. Could someone suggest some beginner books or resources? I have experience with programming (not in C/C++ though...) so I understand basic concepts like that. Thanks ...
Im interested in a job involving security and I was curios what its like as a pen tester from the time the client approches you to the time your finished. Like what steps are taken to test an app? Thanks! ...
Hi all, I have a C\C++ code that receives a structure over the network, from this form: struct DataStruct { int DataLen; BYTE* Data; } The code I have runs over Data in a loop of DataLen times and processes the data. ...The problem: After the code came to security experts for penetration tests, they prepared a fake application whic...
What tools are out there that can perform code coverage analysis at the machine code level rather than the source code level? I'm looking for a possible solution to perform fuzz testing on software that I do not have source code access. ...
Is it possible to, from within a PHP script, execute the same commands you could with the MySQL client? I know I could theoretically call 'system' to invoke the mysql client installed on the system, but I am not sure how to avoid interactivity (I don't want a REPL/shell, I just want to fire a command). Is there a way to execute command...