Collaborate Disseminate
I am quite new to UFW and IpTables and I am trying to understand what kind of rules we should look to implement to keep a web-application secure. The current scenario I am testing myself in is that I am writing rules for an application lik… Continue reading Writing effective UFW & IpTable rules
I am trying to better understand and determine the impact and implications of a web app where data tamping is possible.
When discussing data tampering, I am referring to when you are able to use a tool such as BurpSuite or Tamper Data to i… Continue reading Does client-side data tampering allow more than just evading validation? Dictionary attacks? Brute-force login attempts?
I am trying to better understand measures that can be used to protect a web-application. I’m trying to determine which would be more effective, implementing a UFW or using IpTables.
From my perspective, they are both as effective as each o… Continue reading UFW vs IpTables for web application security
I am confused about LFI where I have seen many broken web-app demos demonstrate LFI where they traverse to a directory similar to /etc/passwd. How are these passwords being stored exactly? I do not understand why there is a directory for p… Continue reading File inclusion exposed passwords
I am wondering how someone might look to protect their website against directory traversal attacks using tools such as Dirbuster which may reveal some sensitive directories?
I am new to ethical hacking and I often find myself really confused when evaluating and determining the danger level of information that can be found regarding a domain when performing OSINT. I’m not sure what information an ethical hacker… Continue reading Determining threat when performing OSINT