Collaborate Disseminate
I have a VM which is exposed to the internet. I can see a lot of scans for /azenv.php, /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php and like in my server logs.
How do I protect from these scans?
Am I being targeted for a hack?
Is t… Continue reading Securing against scans
I ask this question because there is a common compliance argument that performing an “OWASP Top 10” scan provides enough coverage to consider it an “in-depth” scan. Is this the case, or are organizations implementing a minimal level of sca… Continue reading Does OWASP’s top 10 list cover the majority of potential web application vulnerabilities?
First Situation: I proxy through some requests to zap and want to perform an active scan on them. Zap active scan is working on one property at a time, and this particular request requires some of the properties to be unique per request.
… Continue reading What is the best way for OWASP Zap to handle Unique Fields and API Sequences?
Just today I’m migrating some of my webpages to a new server. After a couple hours the services was ready, I set up a hosts file with my domain example.com pointing to the server address, went to my browser and navigated to the domain and … Continue reading Got requests to unpublished services. Am I being spied on?
My brother received the following website link from his friend telling him to open it:
http://toddphelps.com//dHtKFTqXovg2ump/fcbg/?cat=3&i=1778287
Unfortunately he opened it before telling me on his Phone. I have analyzed that susp… Continue reading What does this website do? [closed]
I found an option
-nocache : Disable response cache
in here
https://cirt.net/nikto2-docs/options.html
But when I tried it, I always get this error
Unknown option: nocache
I tried evaluating the NVTs with OpenVas and I can definitely say they are great. Now, I’ve seen an option that shows “Enable generic web application scanning”. But I didn’t find an option to enable it.
Any help with this?
… Continue reading How can I enable web application scanning in OpenVas? [on hold]
I’m trying to run some automated scans without stopping for long periods of time (each scan can take anywhere from 8 hours to 3 days). I currently don’t have a PC I can leave running for many days without shutting down, nor c… Continue reading Where to run long automated scans? [on hold]
Background: Hired a freelancer to develop software application
Software application came with many more files and dependency folders than expected
Upon inspection, the main .exe was created months before the freelancer was … Continue reading Windows 10 Hyper-V to run a Untrusted exe
I couldn’t find answers to this question on this forum so I’m just gonna ask:
What are Active Scans and Passive Scans? What are their differences?
Please include in your answer(s):
differences in methods
risks in using ac… Continue reading Pentesting: Active vs Passive Scan