Traceroute : How it works
Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. It utilizes the IP protocol’s time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host. This tool verifies the…
Back Refresh Attack Vulnerability on QualysGuard- Your browser’s back button can do more than you think !!
Hello Guys !! Hope the new year started good for you all. Continuing my previous statement of “sometimes functionality leads to vulnerability..”, I am gonna start discussing another feature of the browser which can lead to leaking sensitive information like your passwords and sometimes even your complete Credit Card details. Definitely there are scenarios…
CSV Macro Injection
CSV Macro Injection : It’s rather a trick to abuse the functionality… Application security is quite a tricky domain. Just imagine for all those years when you thought something as a functionality of the application and suddenly it turns out to be a vulnerability which can be exploited to take down your system completely. CSV…
Is your CAPTCHA Strong enough !!
We have seen a lot of DoS (Denial of Service) attacks in recent times. An old but promising solution to DoS attacks in web applications is to have CAPTCHA implemented in the publicly available form/pages. However, all CAPTCHA implementations are not quite safe, and some implementations would give the user a headache. There are recent…
iOS Mobile Application Security Assessment for Beginners
Why Mobile Application Security? With the ever increasing penetration of Mobile apps into our day-to-day life, it’s imperative that Mobile Applications will be at the behest of hackers and Security professionals alike. Thanks to phenomenal advances in mobile device capabilities, everything from shopping, banking, recharge, booking tickets and many such activities are performed…
Understanding and Testing Web Services – Part 1
Most of the time folks find it really difficult to test web services. It is because we don't have proper knowledge of web services. Before any testing it is important to understand the system; we should know what can be the positive and negative sides of the technology and implementations of that application. Let's dive…
Shadows are there to protect your Passwords (How Shadow-Utils is storing your password in Linux)
Our world would have been exponentially more peaceful if there was no fear of theft. We would’ve left our doors open but still enjoyed our privacy and security. Unfortunately looking at the current scenario, that’s a rather impossible fiasco. And hence the need for doors and locks. A similar case is applicable for the digital…
No CAPTCHA reCAPTCHA
How many times do you feel affronted while reading those stupid numbers or words and re-entering them just to prove that you are a human? We call them CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) and recommend it to avoid several kinds of flooding attacks, brute force attacks and sometimes even for…
SQL Injection- Not a Cup of Cake
What is SQL Injection: I have gone through many SQL Injection tutorials before writing this post. One thing was common at every place, the queries coming from the readers. Many people don’t know what actually SQL Injection is. They think that they can easily enter into the database and make some changes, or they can…