Skip to main content

Posts

SAST vs DAST

SAST vs DAST If you come across what is SAST and DAST. Than probably you are looking for application source code review. we will know what exactly SAST and DAST is and What’s the best approach for application security testing? The differences between SAST and DAST include where they run in the development cycle and what kinds of vulnerabilities they find. Learn why you need both. Recent high-profile data breaches have made organizations more concerned about the financial and business consequences of having their data stolen. They know they need to identify vulnerabilities in their applications and mitigate the risks. So they’re adding application security testing, including SAST and DAST, to their software development workflows.   What are SAST and DAST? SAST and DAST are application security testing methodologies used to find security vulnerabilities that can make an application susceptible to attack. Static application security testing (SAST) is a white box method of testing. It exam

OWASP Top 10 2021

OWASP Top 10 2021 What is OWASP? The Open Web Application Security Project, or OWASP, is an international non-profit organization dedicated to web application security. One of OWASP’s core principles is that all of their materials be freely available and easily accessible on their website, making it possible for anyone to improve their own web application security. The materials they offer include documentation, tools, videos, and forums. Perhaps their best-known project is the OWASP Top 10. What is the OWASP Top 10? The OWASP Top 10 is a regularly updated report outlining security concerns for web application security, focusing on the 10 most critical risks. The report is put together by a team of security experts from all over the world. OWASP refers to the Top 10 as an ‘awareness document’ and they recommend that all companies incorporate the report into their processes in order to minimize and/or mitigate security risks. Below are the security risks reported in the OWASP Top 10 202

iPhone 13, iPhone 13 Pro, iPhone 13 Mini, iPhone 13 Pro Max Features and Price

iPhone 13, iPhone 13 Pro, iPhone 13 Mini, iPhone 13 Pro Max  Features and Price. Apple has recently launched 4 Models of iPhone 13. All four models have been fitted with A15 Bionic SoC and will be shipped with iOS 15. The phones will also have a TrueDepth Camera system in the front for Face ID and selfies, and smaller notches. While the 6.1-inch iPhone 13 and iPhone 13 Pro phones have been fitted with Super Retina XDR OLED display having a 1,170×2,532 pixels resolution, the iPhone Pro Max has a 6.7-inch Super Retina XDR OLED display with a 1,284×2,778 pixels resolution. iPhone 13 Mini on the other hand has a 5.4-inch Super Retina XDR OLED display having a 1,080×2,340 pixels resolution. A key highlight of the iPhone 13 Pro models is the ProMotion technology having a 120Hz refresh rate. While iPhone 13 and iPhone 13 Mini have a dual rear camera setup with 12MP ultra-wide shooter and 12MP wide-angle shooter. iPhone 13 Pro and Pro Max have an additional 12MP telephoto shooter and a LiDAR s

How to find OPTIONS method Enable Vulnerability

How to find OPTIONS method Enable Vulnerability Today we are going to Learn various techniques to find OPTIONS Method Enable in Web-Application. To find HTTP Protocol methods and the tools used to extract those available HTTP methods in a web server. The HTTP protocol comprises of a number of methods that can be utilized to not only gather the information from the Web server but can also perform specific actions on the Web server. These techniques and methods are helpful for web application developers in the deployment and testing stage of web applications. GET and POST is the most well-known methods that are used to access and submit the information provided by a web server, respectively. HTTP Protocol allows various other methods as well, like PUT, CONNECT, TRACE, HEAD, DELETE. These methods can be used for malicious purposes if the webserver is left misconfigured and hence poses a major security risk for the web application, as this could allow an attacker to modify the files stored

How to Find saved Wi-Fi Password in Windows Using CMD and GUI

How to Find saved Wi-Fi Password in Windows Using CMD and GUI In this Thread we will learn how to check the saved Wi-Fi password in our windows operating system sometimes happens that we forget our Wi-Fi password and it is painful to reset our Wi-Fi password as all our home devices and system are connected with the same network and we have to save the new password again to all our devices. But we can save ourself from resetting Wi-Fi password if we ever connected our Windows 10 PC to that Wi-Fi network. Windows keeps a record of all our networks and their password so we don’t have to type the password again to connect to the same network.  We can recover our forgotten Wi-Fi password by running a couple of quick ‘netsh’ commands using Windows Command Prompt And by going to Network Settings. Finding Wi-Fi Password CMD Step1 : Press start and type CMD , right-click on the Command Prompt option shown as a search result and click on Run as administrator.   Step 2 : Type netsh in the comman

How to use FoxyProxy in Mozilla Firefox for Burp Suite

How to use FoxyProxy in Mozilla Firefox for Burp Suite The foxy proxy is used to make a proxy in the browser. Foxyproxy is a browser extension that simplifies configuring proxies on browsers. It is one of the most advanced proxy switchers in the market as it has other features that other proxy switchers lack. One of the advantages of using this plugin is that the proxy setting is confined to the browser environment. Typically, when you want to configure proxies for your browser, you have to configure it from the system level, which then means that other browsers and apps have to access the Internet through the proxies you configured. Requirements  Install Mozilla Firefox Install Foxyproxy Download Mozilla and Foxyproxy and install them. After installing both the application you will see the foxy proxy icon on Top right-hand side. Step to Setup Foxy proxy for burp suite Intercept 1. Go to Options and Click on ADD 2. In Title write the name and in Proxy Type Select HTTP. 3. In Proxy IP a

How to install Burp Suite Professional for free on Windows

How to install Burp Suite Professional for free on Windows As this is an illegal way to use Burp Suite I am not responsible for it. It is just for educational purpose information. Burp Suite is an integrated platform for performing security testing of web applications. It is designed to be used by hands-on testers to support the testing process. Here we will see how you can install it for free on your Windows 7/8/10 64-bit machine. Requirements:   Java JDK   Burp Suite Pro Zip   Burp Suite Latest Version After you have downloaded both the files, follow these steps: * Run the downloaded file JDK-13.0.2_windows-x64_bin.exe and let it install. * Search environment in the Windows search bar. You will see a match for Edit the system environment variables . Open it and then click the Environment Variables button at the bottom. You will see a window containing a part like this: Under the System variables tab, click New and add the following variables: Variable name: CLASSPATH Variable valu

How to Create DNS Entry In Windows

 How to Create DNS Entry In ALL Windows A hosts file is a computer system file that maps human-friendly hostnames (domain names) to their IP address. It uses an IP address in IPv4 or IPv6 format to resolve the hostname and the browser can quickly connect to the hosting server. DNS Entry is used to specify some IP address to the Domain Name or Website By doing DNS Entry You can Prank someone by redirecting it. Following are the steps for DNS Entry. In Windows Making DNS Entry or make an entry in HOST. Go To  C:\Windows\System32\drivers\etc In the folder, the Hosts file will be present Right Click on it And open with Notepad as Administrator Privilege. And change the IP address which you want to give Now to check it is directed to that IP address you can Ping domain name it on CMD. If it is redirected to the same IP address you have successfully made DNS Entry in Host. And another way is to open CMD in  C:\Windows\System32\drivers\etc    and type command hosts type. Just go to the browse

US attacked on SYRIA

US attacked SYRIA 2021 Joe Biden Became the President of the US his Administration started strick Action against Syria. The airstrike was the first military action undertaken by the Biden administration, which in its first weeks has emphasized its intent to put more focus on the challenges posed by China, even as Mideast threats persist. Biden's decision to attack in Syria did not appear to signal an intention to widen U.S. military involvement in the region but rather to demonstrate a will to defend U.S. troops in Iraq.  He confident in the target that we went after, we know what we hit, Defense Secretary Lloyd Austin told reporters flying with him from California to Washington. Speaking shortly after the airstrikes, he added, We're confident that that target was being used by the same Shia militants that conducted the strikes," referring to a Feb. 15 rocket attack in northern Iraq that killed one civilian contractor and wounded a U.S. service member and other coalition p