InfoSec Institute Resources

IT Security Training & Resources by InfoSec Institute

OWASP Top 10 #7: Insufficient Attack Protection

23 August, 2017 - 16:21

“Security is always seen as too much until the day it’s not enough.” This quote by William H. Webster, an American attorney, jurist and current Chairman of the Homeland Security Advisory Council, pretty much defines the complexity of the new entry to the OWASP (Open Web Application Security Project) Top 10 Series: A7-Insufficient Attack Protection. […]

The post OWASP Top 10 #7: Insufficient Attack Protection appeared first on InfoSec Resources.

Category: Hacking & Security

OWASP Top 10 #6: Sensitive Data Exposure

22 August, 2017 - 17:16

Since 2003, The Open Web Application Security Project (OWASP) has provided the information security community with the “Ten Most Critical Web Application Security Risks.” With the recent release of the 2017 update, not surprisingly, sensitive data exposure remains a major concern affecting almost every company around the globe that uses web applications. To put it […]


Category: Hacking & Security

OWASP Top 10 #5: Security Misconfiguration

21 August, 2017 - 17:09

Recently, the Open Web Application Security Project (OWASP) announced an update of their “Ten Most Critical Web Application Security Risks.” OWASP is a nonprofit organization devoted to helping create a more secure internet and the list is considered an important benchmark. (The new 2017 list is currently in the comments phase.) This is one of […]


Category: Hacking & Security

OWASP Top 10 #4: Broken Access Control

18 August, 2017 - 17:01

Recently, OWASP (the Open Web Application Security Project) announced an update of their “Ten Most Critical Web Application Security Risks.” OWASP is a nonprofit organization devoted to helping create a more secure internet and the list is considered an important benchmark. (The new 2017 list is currently in the comments phase.) This is one of […]


Category: Hacking & Security

PHP Lab: Review the code and spot the vulnerability

18 August, 2017 - 14:00

Introduction and background An application has been developed in PHP, and the source code of the login page is given for source code review to ensure that no serious vulnerabilities are left in the application. Please note that the following setting is enabled in the php.ini file. register_globals = On The application can be accessed […]


Category: Hacking & Security

Steal iCloud Keychain Secrets via OTR

17 August, 2017 - 23:12

Apple iCloud Keychain In Mac OS 8.6, Apple introduced its Keychain password management system. Still integrated into every Mac OS release since then, Keychain provides a centralized storage for passwords, network shares, notes, certificates, credit card details and many other sensitive types of data. With the increasing popularity of both cloud applications and password managers […]


Category: Hacking & Security

OWASP Top 10 #3: Cross-Site Scripting (XSS)

17 August, 2017 - 21:56

Cross-Site Scripting Cross-site scripting (XSS) attacks involved the injection of malicious code into trusted websites. One of the traditional uses of XSS is a hacker stealing session cookies in order to impersonate another user. Lately, it has been the malicious act used to spread malware, deface websites, and phish for useful credentials. It occurs when […]


Category: Hacking & Security

Top 5 Strategies to Avoid Getting Hacked Online

17 August, 2017 - 16:19

While we are becoming increasingly more reliant on technology and storing our information online, this trend increases the quantity and desire of hackers to try and acquire your sensitive information such as passwords and files. Your computer getting infected with a malicious virus can give the hacker the ability to access your computer and can […]


Category: Hacking & Security

OWASP Top 10 #2 – Broken Authentication Session Management

16 August, 2017 - 21:46

Making the network secure can never get enough attention in today’s world. It’s of paramount importance, especially for people working in the field of information technology, to understand the various cyber-attacks possible on web applications and also to find out some possible prevention techniques. Some of the most common attacks include (but are not limited […]


Category: Hacking & Security

PHP Lab: Analyze the code and spot the vulnerability

16 August, 2017 - 14:00

Introduction and background: A penetration test has been conducted on the following URL, and a SQL Injection vulnerability was identified. http://192.168.56.101/webapps/sqli/sqli.php The developers were notified about the vulnerability, and they were asked to fix the vulnerability. After fixing the vulnerability, the new code has been promoted to the following URL. http://192.168.56.101/webapps/sqli/sqliv2.php Analyze the fixed code […]


Category: Hacking & Security

OWASP 2017 Top 10 vs. 2013 Top 10

15 August, 2017 - 21:32

After a long interval of four years, OWASP in April 2017 released a draft of its latest list of “Top 10 Web Application Security Vulnerabilities.” The OWASP Top 10 has served as a benchmark for the world of application security for the last 14 years. It was designed to allow developers to identify and avoid […]


Category: Hacking & Security

HBO Hacked, Game of Thrones script leaked on the Internet

15 August, 2017 - 19:34

Early August, hackers announced to have breached the systems of the television network HBO that is owned by the giant Time Warner. Crooks claimed to have stolen 1.5 terabytes of data from HBO, including information on the current season of Game of Thrones and a script that is reportedly for the upcoming fourth episode of Game of Thrones Season 7. […]


Category: Hacking & Security

PHP Lab: PHP Double Submit Problem.

14 August, 2017 - 14:00

Introduction and background If a user refreshes a page after submitting a form, he may accidentally post the content again resulting in duplicate submission, thus causing undesired results. This is known as double submit problem. In this lab, we will programmatically understand why this problem occurs and how to fix this. Let's begin The application […]


Category: Hacking & Security

PHP Lab: File Upload Vulnerabilities:

11 August, 2017 - 14:00

Many websites require file upload functionality for their users. Social networking websites, such as Facebook and Twitter allow their users to upload profile pictures. Job portals allow their users to upload their resumes. File upload functionality is crucial for many web applications. At the same time, it is a big risk to the application as […]


Category: Hacking & Security

How Security Awareness Training Can Save You From the Horror of Malware

10 August, 2017 - 23:47

Introduction The first impression of cybersecurity usually refers to the technical aspect. Computer science jargon ranging from software development, network configuration, database management and hardware manufacturing are not easy to be comprehended by average computer users. These fields require specialist knowledge as well as significant theoretical and practical training. Certainly, security issues take place in […]


Category: Hacking & Security

Identity Comes of Age

10 August, 2017 - 00:17

I remember going to the Internet Identity Workshop at the Computer History Museum back in 2009. It was an “unconference,” which meant that anyone could present as long as you got your idea up on the board quickly. I presented on the topic of “Information Cards.” Information Cards were an identity framework brought to fruition […]


Category: Hacking & Security

SecurityIQ Product Update: August 2017

9 August, 2017 - 20:39

This week’s SecurityIQ feature release includes several exciting new capabilities for improved functionality. Updates include data-housing capabilities for European clients, improved reporting tools and simplified language preference management. Read on for complete release details. Download the complete SecurityIQ features overview. Increased Learner-Privacy Controls to Further Comply with EU-US Privacy Shield European SecurityIQ clients now have […]


Category: Hacking & Security

Online Tools and Services for Wannabe Criminals: A Dangerous Trend

9 August, 2017 - 14:00

Hackshit PhaaS platform Today it is quite easy to conduct any kind of attack without specific knowledge, for example, phishing campaigns using tools like Hackshit. The Hackshit crimeware-as-a-service was discovered by the experts from Netskope Threat Research Labs in July; it is a Phishing-as-a-Service (PhaaS) platform that offers low cost, “automated solution for the beginner scammers.” The […]


Category: Hacking & Security

PHP Lab: File Inclusion attacks

9 August, 2017 - 14:00

Introduction File inclusion is one of the popular yet old vulnerabilities that are often seen in websites. PHP websites that make use of include() function in an insecure way become vulnerable to file inclusion attacks. Before going ahead with file inclusion vulnerabilities, let us understand, what include() function does. A developer can include the content […]


Category: Hacking & Security

Privacy in the Era of IoT

9 August, 2017 - 00:08

Once upon a time, computer privacy was something along the lines of making sure no one was peeking over your shoulder while you wrote a letter on your desktop. Then things changed. Something called the Internet appeared. In terms of privacy, the Internet was a little like opening the stable door and letting the horse […]


Category: Hacking & Security