Virtual Patching is a security policy enforcement layer that prevents and reports attempts to exploit a known vulnerability. This layer analyzes transactions and intercepts attacks in transit, so malicious traffic never reaches the web application. The result is that the application's actual source code is not modified, yet the exploitation attempt does not succeed.
Perseverance is one characteristic shared by all successful people throughout history. Perseverance is the true essence of success.
Laughter is the best medicine known to mankind. Developing a good sense of humor and the ability to make people laugh can do a great deal of good for those you come into contact with. Besides making people happy and feel good, humor can be used to make light of an awkward situation and ease both tension and ill feelings…
PMA is seeing the good in situations rather than the setbacks. More important, it is focusing on the positive and using it to your advantage. It is the driving force behind persistence and perseverance.
Don’t confuse general life purpose with just “life purpose.” General life purpose is a starting point for determining your life purpose; it helps you decide who and what is most important in your life right now. See this as a scale with the typical self-centered individual on one end and someone like Gandhi on the other.
Success is seeking out those who can help you with your goals.
Memory works by a process of encoding and decoding, commonly referred to as recall. Each time a memory is recalled, it gets re-encoded, which means it changes over time.
People who do not desire success will rarely achieve it. You must be ready for it and pursue it with passion.
Success is best achieved by working on many aspects of personal development. Well-being is a measurable construct that is less nebulous than success and more comprehensive. As learning beings, we must be open to changing our beliefs and views based on new information. Think of success as a game of chance in which you have control…
FIPS stands for Federal Information Processing Standard. FIPS 140-2 is an IT security approval program for cryptographic modules produced by private-sector vendors for use in government and regulated industries that collect, store, and share sensitive but unclassified information. Four security levels: Level 1 is the lowest level of security and requires the use of one approved algorithm or function. Use…
Authentication and session management ensure that you know who is using the application. Similarly, access control is the defense mechanism that limits what actions are possible for authenticated users. It must be tested for every request and operation.
These notes are for learning/educational purposes only. Use them at your own risk. THE NEED FOR STATE Session management enables an application to identify a given user across a number of different requests. It is a fundamental security component and also a prime target for attackers. With session management attacks, a user can masquerade as another user or…
These notes are for learning/educational purposes only. Use them at your own risk. AUTHENTICATION TECHNOLOGIES A wide range of technologies are available for authentication mechanisms: HTML form-based authentication; multifactor mechanisms such as combining a password with a physical token; client SSL certificates and/or smartcards; HTTP authentication; Windows-integrated authentication using NTLM or Kerberos. 90% of web apps use…
This is lesson five of the Web Application Security Testing blog series. In this lesson, you’ll learn how data is transmitted from client to server, how client-side controls can be bypassed to capture that data, and how such data can be secured on the client side.
This is lesson four of the Web Application Security Testing blog series. This part of the series talks about how a web penetration tester should map the application for further attack. You’ll learn how to enumerate content and functionality and map the attack surface of the application.
This is lesson three of the Web Application Security Testing blog series. In this lesson, we’ll learn about the basics of web communication, the HTTP and HTTPS protocols, various HTTP request and response headers, HTTP request methods, and the various encoding schemes used during communication.
This is lesson two of the Web Application Security Testing blog series. This lesson will introduce you to the core elements of the defense mechanisms often employed by current web applications. It describes how user input, user access and attackers are handled by the application.
This is lesson one of the Web Application Security Testing blog series. This lesson will introduce you to the common web applications we use today and to the current and future state of web security.
The Bandit wargame is for beginners. It will teach the basics required to play other wargames or CTFs.
And as imagination bodies forth The forms of things unknown, the poet’s pen Turns them to shapes and gives to airy nothing A local habitation and a name. – William Shakespeare (A Midsummer Night’s Dream)