Web Security Dynamic Analyses with OWASP ZAP

What is Dynamic Security analysis ? Dynamic application security testing (DAST) is examine the security application in the running sate and trying to poke it and prod it in unexpected ways in order to discover security vulnerabilities.[1] What is OWASP Zap ? The OWASP Zap attacking proxy is one of the most popular free security … Continue reading Web Security Dynamic Analyses with OWASP ZAP

Cross-site Scripting Attacks: Misunderstood and Dangerous

How misunderstood is it? In a large number of situations, cross-site scripting is compared to SQL-injection due to similarities in their practice of injecting malicious code into legitimate and trusted code. However, this is misguiding and demeaning to both attack categories. They are two quite independent beasts that work in very different contexts and arise … Continue reading Cross-site Scripting Attacks: Misunderstood and Dangerous

Introduction to forensics & Lab 01

Computer Forensics Definitions "A methodical series of techniques and procedures for gathering evidence,from computing equipment and various storage devices and digital media,that can be presented in a court of law a coherent and meaningful format "                                       … Continue reading Introduction to forensics & Lab 01

Introduction to penetration Testing

What is penetration testing? Penetration testing ,often called “pentesting”,”pen testing”,is the practice of attacking your or your client's IT Systems and infrastructure in the same way hacker would identify the security holes but without actually  harming the System. The person carrying out pentartion test is called a penetration tester or pentester. IMPORTANT: Penetration require to … Continue reading Introduction to penetration Testing