Collaborate Disseminate
When I looked up hardcoded password vulnerability in software world, I saw there are three kinds of vulnerabilities. These are that:
CWE-798: Use of Hard-coded Credentials
The Hardcoded Creds vulnerability definition:
"The software c… Continue reading Why are there multiple "Hardcoded Password" Entries in CWE instead of single one?
When I investigated the Google results, the software vulnerability "Hardcoded Password" (cwe-798 & cwe-259) is a vulnerability for IoT devices’ software (see: link1) and thick client software (see: link2, link3). When passwor… Continue reading What types of software can have "Hardcoded Password" vulnerability?
There are some HTTP security headers in the world of cyber security of web applications. These are e.g.:
X-Content-Type-Options
X-Frame-Options
Content-Security-Policy
Referrer-Policy
Strict-Transport-Security
Expect-CT
X-XSS-Protection (… Continue reading Are HTTP security headers only for web browsers?
I want to know how secure the validation code is on a scale of 0-10?
$k = str_replace(‘-‘, ”, $j);
$s = substr($k, 0, 8);
$c = substr($k, 8, 2);
$a = substr($k, 10, 2);
$l = substr($k, 12, 2);
$p = substr($k, 14, 2);
$n = substr($k, 16, 2… Continue reading Is it possible to reverse engineer this code to generate valid key for the code? [closed]
Does sslstrip attack only work on websites which uses both HTTP and HTTPS? On Quora a commenter says that:
One thing to note is that, SSL Strip only works on websites which uses
both HTTP & HTTPS. For example, Ebay,… Continue reading Does sslstrip work only on websites which use both HTTP and HTTPS?
Use the AES calculator (http://williamstallings.com/Crypto/AESCalc/AEScalc.html) to demonstrate CFB mode with AES. Select a 128-bit key and a 384-bit plaintext (all in hexadecimal). Demonstrate outputs from each round in the … Continue reading How CFB mode works?
My phone (Samsung Galaxy note-4, model no SM-N 910U) mugged just couple of hours back while I was browsing in my car. Unfortunately, my location was turned off. I cannot locate it through Android device manager. My questions … Continue reading Phone Mugged while browsing
I tried to encode my tool, which was developed by me with Ruby, by using msfvenom of Metasploit Framework and I succeed. My source code was encoded completely. But, when I tried to use my encoded tool, I met an error “command… Continue reading After encoding process with msfvenom, my tool is not working. Why?
As said in question, does ip spoofing mean that someone uses a proxy, thereby he/she appears as different ip in the internet world?