A WAF, or web application firewall, is a security tool that protects a website from various types of attacks, including but not limited to SQL injection, XSS, local file inclusion and others. A web-based IPS (intrusion prevention system) is also designed to protect a web server, but there is a difference between a WAF and an IPS: a web application firewall provides protection from web-based attacks, while an IPS protects a web server from network-based attacks.
Metasploit tutorial and in this article we are not going to cover the usage of Metasploit, but this article will look inside Metasploit and at how a penetration tester can utilize it.
SQL injection targets the back-end database, allowing hackers to create, delete, modify or read sensitive data. The consequences of such a breach are varied, depending on the motivation behind the attack. Regardless of whether a hacker is attempting to expose sensitive data or on a mission to cause serious consequences, enterprises want to avoid being vulnerable to SQL injection.
Conferences, seminars and other ethical hacking events are very useful for infosec professionals to keep in touch with the latest happenings. It is also very important to get to know each other better; networking with people increases the chances of getting a job and even of forming a group of like-minded people. This article is a little different from what we usually publish on ehacking, because it focuses on a comment in which a user asked us to discuss the dress code of ethical hackers.
Cross-site scripting (XSS) vulnerabilities leave your database open to exploitation. Once a hacker has gained entry, they can add information, remove information or download that information for their own use. Companies need to audit their web applications in order to make sure that their data is invulnerable to XSS. Six ways that your data may be vulnerable include: cookies, an SSL connection, forums, user issues, special characters and limited security.
PHP is one of the most famous open source scripting languages and is specially designed for web development. Most websites are based on PHP, so the vulnerability assessment of PHP is one of the important pillars of web application security. There are many automatic tools available that can scan a web server, database and even applications for vulnerabilities, but we also need to verify the code that was used to develop the particular website, and for this purpose we have PHP Vulnerability Hunter.