Virtual Patching

Virtual patching is a security policy enforcement layer that prevents, and reports, attempts to exploit a known vulnerability. The layer analyzes transactions and intercepts attacks in transit, so malicious traffic never reaches the web application. The application's own source code is not modified, so the underlying flaw remains in place; the exploitation attempt fails only because the enforcement layer in front of the application blocks it.
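As an added illustration, not part of the original post, the following Python WSGI middleware enforces a virtual patch in front of an unmodified, deliberately trusting application. The vulnerable parameter name `file`, the patch identifier `VP-0001`, the traversal signature and the sample client address are all constructed for this example; a real deployment would carry the same logic in a WAF rule, but the mechanics (inspect in transit, block, report, leave the application untouched) are the same.

```python
import re
from urllib.parse import parse_qs

# Constructed "known vulnerability" signature (hypothetical): the protected
# application is assumed to pass the `file` query parameter to the filesystem
# without validation, so the virtual patch rejects path-traversal sequences in
# that parameter before the request ever reaches application code.
# Note the check runs on the URL-decoded value AND still looks for the encoded
# form, so a double-encoded payload (%252e%252e -> %2e%2e) is caught as well.
VIRTUAL_PATCHES = [
    {
        "id": "VP-0001",  # hypothetical internal tracking id for the patch
        "param": "file",
        "pattern": re.compile(r"(\.\./|\.\.\\|%2e%2e)", re.IGNORECASE),
        "reason": "path traversal in 'file' parameter",
    },
]


def vulnerable_app(environ, start_response):
    """Stand-in for the unmodified application: it trusts `file` blindly."""
    qs = parse_qs(environ.get("QUERY_STRING", ""))
    name = qs.get("file", ["index.html"])[0]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"would open {name}".encode()]


class VirtualPatch:
    """WSGI middleware: enforce VIRTUAL_PATCHES and record every blocked attempt."""

    def __init__(self, app, patches=VIRTUAL_PATCHES):
        self.app = app
        self.patches = patches
        self.blocked = []  # report log: (patch id, client address, offending value)

    def match(self, environ):
        """Return (patch, value) for the first signature hit, else (None, None)."""
        qs = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        for patch in self.patches:
            for value in qs.get(patch["param"], []):
                if patch["pattern"].search(value):
                    return patch, value
        return None, None

    def __call__(self, environ, start_response):
        patch, value = self.match(environ)
        if patch is not None:
            self.blocked.append((patch["id"], environ.get("REMOTE_ADDR", "?"), value))
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Request blocked by virtual patch " + patch["id"].encode()]
        # No signature matched: hand the request to the unmodified application.
        return self.app(environ, start_response)


def run_request(app, query, remote_addr="203.0.113.5"):
    """Drive a WSGI app with a minimal constructed environ; return (status, body)."""
    result = {}

    def start_response(status, headers, exc_info=None):
        result["status"] = status

    environ = {
        "REQUEST_METHOD": "GET",
        "PATH_INFO": "/download",
        "QUERY_STRING": query,
        "REMOTE_ADDR": remote_addr,  # constructed sample client address
    }
    body = b"".join(app(environ, start_response))
    return result["status"], body.decode()


if __name__ == "__main__":
    patched = VirtualPatch(vulnerable_app)
    for q in ("file=report.pdf", "file=../../etc/passwd", "file=%252e%252e%2Fetc"):
        print(q, "->", run_request(patched, q))
    print("blocked attempts:", patched.blocked)
```

Running the unpatched `vulnerable_app` directly with the same traversal query still returns `200 OK`, which is the point: nothing in the application changed, and the virtual patch alone is what stops the attempt and produces the report entry.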

7 – Using Humor Effectively

Laughter is the best medicine known to mankind. Developing a good sense of humor and the ability to make people laugh can do a great deal of good for those you come into contact with. Besides making people happy and feel good, humor can be used to make light of an awkward situation and ease both tension and ill feelings…

6 – Positive Mental Attitude

PMA is seeing the good in situations rather than the setbacks. More important, it is focusing on the positive and using it to your advantage. It is the driving force behind persistence and perseverance.

5 – General Life Purpose

Don’t confuse general life purpose with just “life purpose.” General life purpose is a starting point for determining your life purpose; it helps you decide who and what is most important in your life right now. See it as a scale with the typical self-centered individual at one end and someone like Gandhi at the other.

2 – Why Success?

People who do not desire success will rarely achieve it. You must be ready for it and pursue it with passion.

1 – Introduction

Success is best achieved by working on many aspects of personal development. Well-being is a measurable construct that is less nebulous than success and more comprehensive. As learning beings, we must be open to changing our beliefs and views based on new information. Think of success as a game of chance in which you have control…

NIST – FIPS 140-2 (Approval of Cryptographic Modules)

FIPS stands for Federal Information Processing Standard. FIPS 140-2 is an IT security approval program for cryptographic modules produced by private-sector vendors for use in government and in regulated industries that collect, store or share sensitive but unclassified information. It defines four security levels. Level 1 is the lowest level of security and requires the use of at least one approved algorithm or security function. Use…

WEB APPLICATION SECURITY TESTING – 7. ATTACKING SESSION MANAGEMENT

These notes are for learning/educational purposes only. Use them at your own risk. THE NEED FOR STATE Session management enables an application to identify a given user across a number of different requests. It is a fundamental security component and also a prime target for attackers. With session management attacks, a user can masquerade as another user or…
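As an added example that is not part of the original lesson, the following Python shows the simplest form of the masquerade just described: when session tokens are predictable, one user can compute another user's token. The two in-memory session stores, the usernames and the neighbouring-token guess are all constructed for this example; the hardened store uses the standard library's `secrets` module, which is not something the lesson excerpt names.

```python
import secrets


class SequentialSessions:
    """Vulnerable pattern: session tokens are an incrementing counter."""

    def __init__(self, start=1000):
        self._next = start
        self._sessions = {}  # token -> username

    def login(self, username):
        token = str(self._next)
        self._next += 1
        self._sessions[token] = username
        return token

    def whoami(self, token):
        """Identify the user behind a token on a later request (None if unknown)."""
        return self._sessions.get(token)


class RandomSessions:
    """Hardened pattern: tokens come from the OS CSPRNG with 256 bits of entropy."""

    def __init__(self):
        self._sessions = {}

    def login(self, username):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def whoami(self, token):
        return self._sessions.get(token)


def tokens_look_sequential(tokens):
    """Tester's check: do successively issued tokens differ by one constant step?"""
    try:
        values = [int(t) for t in tokens]
    except ValueError:
        return False  # not even numeric, so not a plain counter
    steps = {b - a for a, b in zip(values, values[1:])}
    return len(values) > 1 and len(steps) == 1


def masquerade(store, own_token, delta=-1):
    """Attacker step: submit a neighbouring token value as if it were our own.

    Returns the username the store attributes to the guessed token, or None
    if the guess is not a live session (or the token is not numeric at all).
    """
    try:
        guess = str(int(own_token) + delta)
    except ValueError:
        return None
    return store.whoami(guess)


if __name__ == "__main__":
    weak = SequentialSessions()
    weak.login("alice")                 # victim logs in first
    mine = weak.login("mallory")        # attacker logs in, receives "1001"
    print("sequential store, guessed identity:", masquerade(weak, mine))

    strong = RandomSessions()
    strong.login("alice")
    mine = strong.login("mallory")
    print("random store, guessed identity:", masquerade(strong, mine))
```

The `tokens_look_sequential` check is the kind of analysis a tester runs over a handful of freshly issued tokens before attempting anything: if consecutive logins yield tokens with a constant difference, every other active session is a short search away.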

WEB APPLICATION SECURITY TESTING – 6. ATTACKING AUTHENTICATION

These notes are for learning/educational purposes only. Use them at your own risk. AUTHENTICATION TECHNOLOGIES A wide range of technologies is available for authentication mechanisms: HTML form-based authentication; multifactor mechanisms such as combining a password with a physical token; client SSL certificates and/or smartcards; HTTP authentication; and Windows-integrated authentication using NTLM or Kerberos. 90% of web apps use…

WEB APPLICATION SECURITY TESTING – 4. APPLICATION MAPPING

This is lesson four of the Web Application Security Testing blog series. This part of the series talks about how a web penetration tester should map the application before attacking it. You’ll learn how to enumerate content and functionality and how to map the application’s attack surface.

WEB APPLICATION SECURITY TESTING – 3. WEB COMMUNICATIONS

This is lesson three of the Web Application Security Testing blog series. In this lesson, we’ll learn the basics of web communication: the HTTP and HTTPS protocols, the various HTTP request and response headers, the HTTP request methods and the encoding schemes used during communication.

WEB APPLICATION SECURITY TESTING – 2. CORE DEFENSE MECHANISMS

This is lesson two of the Web Application Security Testing blog series. This lesson introduces the core defense mechanisms commonly employed by current web applications. It describes how user input, user access and attackers are handled by the application.

OverTheWire – BANDIT

The Bandit wargame is for beginners. It teaches the basics required to play other wargames and CTFs.

A Midsummer Night’s Dream

And as imagination bodies forth The forms of things unknown, the poet’s pen Turns them to shapes and gives to airy nothing A local habitation and a name. – William Shakespeare (A Midsummer Night’s Dream)