penetration-test – Page 20 – WindowsTechs.com

Is using PBKDF2 good protection against brute-force attacks on web application login pages?

Posted on October 28, 2020 by Silvercroft

We’ve recently had a penetration test for one of our applications.
The Penetration Testing company identified that our application lacks protections against brute-force attacks on the login page.
Ref: https://owasp.org/www-community/contro… Continue reading Is using PBKDF2 good protection against brute-force attacks on web application login pages?→

GraphQL endpoint security testing

Posted on October 28, 2020 by Sai Dutt Mekala

I am working with a team who is developing a mobile app for which they are using GraphQL.
So as part of performing security testing it, they only shared the graphql endpoint and nothing else.
Not even the app UI nor any credentials.
Based … Continue reading GraphQL endpoint security testing→

Is it worth to study cybersecurity now?

Posted on October 18, 2020 by Pavlo

I want to study pentest. But recently I read Cronus CyBot,Cymulate and PenTera, WPA3, WPA2-enterprice. That instruments destroys pentester work or make it impossible. So it is worth to me to learn it?

Continue reading Is it worth to study cybersecurity now?→

.local domain any possible ways in getting the extension

Posted on October 17, 2020 by None_None

I was recently working on Broken link Hijacking and found a link in a target which reflected on multiple pages. It was portal.REDACTED.local which was not accessible and returned response as bad host.
So I never saw a extension that has .l… Continue reading .local domain any possible ways in getting the extension→

Cybersecurity Tool Kit

Posted on October 13, 2020 by Digital Defense Inc.

The post Cybersecurity Tool Kit appeared first on Digital Defense, Inc..
The post Cybersecurity Tool Kit appeared first on Security Boulevard.
Continue reading Cybersecurity Tool Kit→

Java – Ultra Light Client (ULC traffic inspection)

Posted on October 13, 2020 by poule

I’m working on security assessment of thick client application created using ULC. It is black box approach.
Based on wiki (wiki.c2.com): "Ultra Light Client (ULC) for Java is a widget set that enables a Swing Look and Feel for Servlet… Continue reading Java – Ultra Light Client (ULC traffic inspection)→

Verifying the security of SAML SSO

Posted on October 13, 2020 by eden881

I run an instance of a log aggregation product in the cloud, installed on a VM. I’ve strictly configured it’s networking settings, internal firewall, internal port redirection, strong admin password, valid HTTPS certificate, etc. The web i… Continue reading Verifying the security of SAML SSO→

Bash – SUID Program’s Child Process did not inherit Parent Process UID as EUID

Posted on October 9, 2020 by Rennitbaby

Background
In practicing pentesting a VM on Vulnhub I encountered an issue that is quite interesting with Brainpan. After initial access with a limited shell generated from a BoF exploit on a service running on port 9999, I did some basic … Continue reading Bash – SUID Program’s Child Process did not inherit Parent Process UID as EUID→

Have I been hacked ? Please help guys

Posted on October 4, 2020 by CandyShop

I really need some help here. I have been having some strange things happening lately and wasn’t sure if someone was doing a de-authentification attack or someone had managed to hack my network. So today, I decided to download Wireless Net… Continue reading Have I been hacked ? Please help guys→

How to share penetration tests results + remediation plan to third party companies without exposing one’s self

Posted on September 28, 2020 by abbood

We are integrating our services with 3rd party companies (ie customers are able to buy the products of third party companies on our platform). These companies are asking us to provide to their security teams a penetration test.
Although we… Continue reading How to share penetration tests results + remediation plan to third party companies without exposing one’s self→