
Posts

Showing posts with the label Linux

LOG4J VULNERABILITY ASSESSMENT AND MITIGATION

What is Log4j?
A zero-day exploit in the popular Java logging library Log4j 2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. Log4j 2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers and Spring Boot web applications. The vulnerability has been reported as CVE-2021-44228 against the log4j-core jar. CVE-2021-44228 is considered a critical flaw, and it has a base CVSS score of 10, the highest possible severity rating.
Who is impacted?
Too many services are vulnerable to this exploit because log4j is a widely used Java-based logging utility. Cloud services like Steam and Apple iCloud, and applications like Minecraft, have already been found to be vulnerable. Anybody using Apache framework services or any Spring Boot Java-based framework application that uses Log4j 2 is likely to be vulnerable.
How the exploit works
The exploit works when there is a servic

How to Install Jitsi on Azure, AWS or Local Server without Domain Name

In this post I will tell you how to install Jitsi on any cloud platform such as Azure, AWS or DigitalOcean, or on a local server, without having a domain name.
Requirements
You should have an account on Azure, AWS, DigitalOcean or any other cloud platform.
Minimum 1 GHz processor, 2 GB RAM and 20 GB of disk space.
The server should run Linux (CentOS or Ubuntu).
Application needed: Nginx or Apache web server.
Installation steps
Follow the steps in the order below.
Step 1: Open the Terminal in Ubuntu.
Step 2: sudo apt-get install gnupg2
Step 3: sudo apt-get install nginx
Step 4: sudo apt-get install wget
Step 5: sudo apt update
Step 6: sudo apt install apt-transport-https
Step 7: sudo apt-add-repository universe
Step 8: echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list
Step 9: wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -
Step 10: curl https://d

SAST vs DAST

If you are wondering what SAST and DAST are, then you are probably looking at application source code review. Here we will look at what exactly SAST and DAST are, and what the best approach for application security testing is. The differences between SAST and DAST include where they run in the development cycle and what kinds of vulnerabilities they find. Learn why you need both. Recent high-profile data breaches have made organizations more concerned about the financial and business consequences of having their data stolen. They know they need to identify vulnerabilities in their applications and mitigate the risks, so they are adding application security testing, including SAST and DAST, to their software development workflows.
What are SAST and DAST?
SAST and DAST are application security testing methodologies used to find security vulnerabilities that can make an application susceptible to attack. Static application security testing (SAST) is a white-box method of testing. It exam

How to Find the OPTIONS Method Enabled Vulnerability

Today we are going to learn various techniques to find the OPTIONS method enabled in a web application: how to enumerate the HTTP methods a web server allows, and the tools used to extract them. The HTTP protocol comprises a number of methods that can be used not only to gather information from the web server but also to perform specific actions on it. These techniques and methods are helpful for web application developers in the deployment and testing stages of web applications. GET and POST are the most well-known methods, used to retrieve and submit information to a web server respectively. The HTTP protocol allows various other methods as well, such as PUT, CONNECT, TRACE, HEAD and DELETE. These methods can be used for malicious purposes if the web server is left misconfigured, and hence they pose a major security risk for the web application, as this could allow an attacker to modify the files stored

10 Most Basic Linux (Termux, CentOS, Red Hat) Commands for Beginners

Today I will tell you the easiest and most useful basic Linux commands. Open the Terminal by pressing CTRL + ALT + T or SHIFT + CTRL + N, or by clicking Application → Favourites → Terminal.
How to check which directory or folder you are in:
pwd (print the current working directory)
ls (list files and folders)
ls -l (list files and folders with details)
ls -lah (list files and folders with structure)
cd (used for navigation)
cd .. (back to the previous directory)
cd / (back to the root directory)
rm (remove a file)
rmdir (remove a directory)
rm -r (remove the empty file/folder)
mkdir (make a new directory)
cp (copy)
mv (move a file/folder)
touch (make a new file)
nano (text editor)
vim (text editor)
cat (concatenate