DEVIL'S BLOG ON SECURITY


A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES


Learn Ethical Hacking | Learn Hacking Online | Learn How To Hack|Hack Counter Hack| Ethical Hacking Tutorials


Home   ||   See All Tutorials  ||   Products  ||   About This Blog   ||  Subscribe To RSS Feed



Join facebook group THE HACKER DEVIL


Countermeasures Against XSS

Countermeasures Against XSS


Check and validate all the form fields, hidden fields, headers, cookies, query strings and all the parameters against a rigorous specification.

Implement a stringent security policy.

Web servers, applications servers, and web application environments are vulnerable to cross-site scripting. It is hard to identify and remove XSS flaws from web applications. The best way to find flaws is to perform a security review of the code, and search in all the places where input from an HTTP request comes as an output through HTML.

Cross Site Scripting (XSS) | Performing Stored Attacks

Cross Site Scripting (XSS) | Performing Stored Attacks


In last post to cross site scripting we discussed about how to perform a reflected XSS attack. In this following post we will discus how to perform a stored XSS attack. A stored XSS attack is said to done when attacker uses XSS vulnerability of web application to store his/her submitted script in web application’s database and then it is displayed to other users without being filtered or sanitized. Stored XSS vulnerabilities are common in web application which supports interaction between several users for example, guest books, comment replies, question forms, response forms, review sections etc. If attacker manages to embed a Java script in such application then it can help him/her attack every user who will interact with his/her submitted data. Practically both attacks are performed in same way but on different type of web applications.

Malware Viruses And Worms

Malware Viruses And Worms


Cross Site Scripting (XSS) | Performing Reflected Attacks

Cross Site Scripting (XSS) | Performing Reflected Attacks


In our last post to Cross Site Scripting we discussed some basics related to XSS attacks where I mentioned there are two types of XSS attacks one is reflected and another is stored. Assuming that you have installed Damn Vulnerable Web Application (DVWA) on your system I‘ll demonstrate how a reflected XSS attack is performed. Browse to your DVWA link it will ask you for creating a database click on create database if it fails then browse to XAMPP folder and double click mysql_start.bat. Then login to your DVWA account with username “admin” and password “password”.  Now from left side pane click on DVWA Security and select security level “low”. Click on “XSS reflected” and you’ll be presented with following screen.

Privilege Escalation And Remote Administration

Privilege Escalation And Remote Administration


Windows Hacking

Windows Hacking


Cross Site Scripting (XSS) | The Basics

Cross Site Scripting (XSS) | The Basics


In this following post we will have some basic look over Cross Site Scripting. Cross site scripting is also known as XSS and many times people also abbreviate it as CSS (by the way CSS means Cascading Style Sheets). Commonly XSS is web application attack and not web server attack, it occurs in web application which accepts input without validation and sanitization resulting giving an attacker chance to run a malicious script. XSS vulnerability occurs in a web application due to dynamic nature of a web page which is attained by Java Scripts, VB Scripts, ActiveX controls, Flash contents and scripts and sometimes with help of HTML too.

System And Password Hacking

System And Password Hacking


Web Application Hacking | The Basics - 2

Web Application Hacking | The Basics - 2


In this post we will discus a little about web application technologies and why might be they are vulnerable. So the very first web application technology includes HTML. Many of you might say HTML is only used to design web pages but the answer is partially true. Remind yourself with those days of internet when it wasn’t as interactive as it is today.  Webpage those days never used entities like form field, hidden values, interactive input boxes because they came to play when webpage became interactive and they became interactive when web applications came to play. So an input form, hidden values, input parameters, cookies, obfuscated URLs, hyperlinks etc all those things which can be tampered in web page are all web applications based on HTML. The reason HTML pages make vulnerable web applications just because they all can be easily tampered.

Enumeration

Enumeration


Free Ethical Hacking Training | Learn Ethical Hacking Online Free | Learn How To Hack | Hack Counter Hack | Ethical Hacking Tutorials | Devil's Blog On Security