Introduction Is your server protected against port scanning? The general answer will be “Yes, I have a firewall which restricts access to internal servers from the Internet.” What if I told you I can still scan the ports on your server and your firewall wouldn’t know about it? If the web application running on a […]
The Meaning XE, which stands for XML Entity, is a standard for representing sets of data. Entities are more like shortcuts to standard text or special characters, e.g. wherever you see “X”, replace it with “Y”. An entity can be declared either internal or external. An internal entity is defined in-line, like a macro. […]
Introduction In the last post we saw how the recent bash vulnerability can be remotely exploited in a variety of ways. How do we defend against this? Below we discuss steps that will help your organization identify vulnerable components and initiate mitigation activities. Steps to identify, test and mitigate vulnerable systems Make an inventory […]
Recently, I found an interesting issue qualifying on Yahoo! Pipes. But before going into the details of this specific issue, let’s understand some basic points. What does Authorization mean? In general, authorization relates to the set of activities which a user can perform once logged on to a particular system. This is typically divided into […]
During a routine penetration testing engagement, we found an IIS webserver with HTTP methods (verbs) like PUT and DELETE enabled on it. During enumeration of the web server we figured it was configured to run PHP as well. The PUT method allows an attacker to place a file on the server. Uploading a web shell […]
SQL injection – one of the most critical vulnerabilities to date – is still included in the Injection flaws section of the OWASP Top 10 list. SQLMap is a tool that helps penetration testers prove that SQL injection is one of the most critical vulnerabilities present in enterprise security. SQLMap is a simple Python-based tool to exploit SQL […]
Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) Attack: Previously we learnt how CRIME attacks SSL/TLS using SSL/TLS compression. Now we look at a more recent attack called the BREACH attack. The BREACH attack is quite similar to the CRIME attack, with subtle differences. This attack also leverages compression to extract data from an SSL/TLS […]
Compression Ratio Info-leak Made Easy (CRIME) attack: In the previous section we saw how the chosen-plaintext attack was used to weaken the SSL/TLS protocol. In this section we look at another attack on the SSL/TLS protocol. The attack was presented by Juliano Rizzo and Thai Duong, the same pair of researchers who demonstrated the BEAST attack. […]
Recently there has been a lot of news about a new SSL/TLS-based attack which was demonstrated at this year’s Black Hat conference. The attack was on SSL/TLS and was dubbed the BREACH attack. The attack targeted sensitive data being transmitted in HTTP responses. In this article we will explore the BEAST attack as well as two […]
Web Application security has become the biggest concern for almost all organizations that wish to bring their business to the Internet. There are various reasons why we are still unable to fix issues like SQL Injection, Cross-Site Scripting etc. These range from developer complacency and lack of knowledge about the security issues to lack of management […]