Basics of Burp Suite for identifying vulnerabilities and verifying attack vectors for web-based applications Part-1

DISCLAIMER: This tutorial is only for educational purposes. Please don't use these kinds of attacks for unethical purposes. Burp, or Burp Suite, is an integrated platform for performing security testing of web applications. Information security professionals use Burp to identify vulnerabilities and verify attack vectors for web-based applications. The framework is written in Java and developed by PortSwigger Security. …

Web Security Dynamic Analyses with OWASP ZAP

What is dynamic security analysis? Dynamic application security testing (DAST) examines the security of an application in its running state, poking and prodding it in unexpected ways in order to discover security vulnerabilities.[1] What is OWASP ZAP? The OWASP ZAP attack proxy is one of the most popular free security …

Static Code analysis

What is static code analysis? Static code analysis (source code analysis) is usually performed as part of code review and carried out at the software implementation phase of a Secure Software Development Life Cycle (Secure SDLC). Static code analysis falls under white-box testing when considering the different types of testing approaches. Static code analysis commonly refers to running …