Translate

What is Vulnerability Assessment?

Vulnerability assessments are necessary for discovering potential vulnerabilities throughout the environment. There are many tools available that automate this process so that even an inexperienced security professional or administrator can effectively determine the security posture of their environment. Full exploitation of systems and services is not generally in scope for a normal vulnerability assessment engagement.
Systems are typically enumerated and evaluated for vulnerabilities, and testing can
often be done with or without authentication. Most vulnerability management and
scanning solutions provide actionable reports that detail mitigation strategies such as
applying missing patches, or correcting insecure system configurations.
Vulnerability identification allows you to do your homework. You will learn about what
vulnerabilities your target is susceptible to so you can make a more polished set of attacks. 

What is Website Defacement?


Web  Defacement  attack  the  invader  changes the  visual  appearance  of  the  web page.  The  business  competitor, Insurgent  and  extremist  groups  defame  the  reputation  of  the organizations  and  mislead  public  through  these  types  of  attacks. Manual  monitoring and scrutinizing these attacks on web sites is a time consuming and tedious task for law enforcement agencies. Hence  there  is  a  need  to  develop  a system  which  effectively monitors  the  content  of  web  sites  and  automatically  generate alarm  for  any  suspicious  or  threatening  activity. 
Basically, websites are defaced by exploiting the vulnerabilities in
the web server and gaining root shell injecting malicious coded into the target page residing on the server.

What is Pharming Attack?


Pharming : is a sophisticated technique that allows automatically re-directing a user to a malicious site. It means, it redirects you to some malicious website without your knowledge. It's quite embarrassing huh.

What is IP Sniffing and Spoofing


Sniffing and Spoofing are security threats that target the
lower layers of the networking infrastructure supporting
applications that use the Internet. Users do not interact
directly with these lower layers and are typically
completely unaware that they exist. Without a deliberate
consideration of these threats, it is impossible to
build effective security into the higher levels.
If the network packets are not encrypted, the data within the network packet can be read using a sniffer.

What is Phishing?

Phishing (sounds like fishing), is a social engineer attempt to get the targeted individual to disclose all the personal information like user names, account numbers, sensitive data and passwords. This is often done set up fake web sites that mimic original, emails from corporations, banks, and customer support staff. Other forms of phishing attempt to get users to click on hyperlinks that will allow malicious code to be installed on the targets computer without their knowledge. This malware will then be used to remove data from the computer or use the computer to attack others. Phishing normally is not targeted at specific users but may be everyone on a mailing list or with a specific email address extension, for example all the users with extension “@companyName.com”.

Security Testing Methodologies

Security Testing should be done in a standardized process. It cannot be tacked on to an application at the last minute. A proper security framework should include continuous security training for all developers, threat models for the entire system, regular code reviews and frequent penetration testing.

What are the types of penetration testing?

Types of Penetration Testing :

  • Black Box Penetration Testing
  • White Box Penetration Testing
  • Grey Box Penetration Testing

Black Box TestingThe main differences are that with black box testing the testers are given very little or no information prior to the penetration test. It is also referred to as "blind testing" because the tester has to find an open route to access the network.

What is a Vulnerability, Payload and Exploitation?

What is a Vulnerability?

A vulnerability is a security hole in a piece of software or hardware which can provide a potential vector to attack a system. Thus to compromise a system the first step is to find a vulnerability in that system. In simple words a vulnerability is just the weakness in the software that allows an attacker to gain control.

What is Penetration Testing and Why is It Important?

Penetration Testing (pentesting or security testing) is the process of testing your applications for vulnerabilities. An effective penetration test will usually involve a skilled hacker, or team of hackers. The testers not only discover vulnerabilities that could be used by attackers but also exploit vulnerabilities, where possible, to assess what attackers might gain after a successful exploitation.

What are the commands used in Linux?

This section gives insight into the most important commands of your linux system. To open terminal, press ctrl+alt+t.

The command line is a key part of any truly modern computer operating system.

Here's the list of commands