OWASP Mth3l3m3nt Framework

Categories
OWASP Mth3l3m3nt, Uncategorized, Web Attacks

It’s finally out there: the OWASP Mth3l3m3nt Framework. It’s a small tool to aid you in carrying out your pentest tasks with as few resources as possible. Most of us can afford simple shared hosting services but not a VPS powerful enough to run pentest distros, especially due to cost constraints. This one […]

Can Phishers be more uncreative in 2015???

Categories
Uncategorized, Web Attacks

It has become a trend with the 4-phase phish: identify a target; attack the site; upload phishing page; email and harvest. Well, from the previous post we identified some flaws in the phishing attack, but that’s 2014. It gets worse when phishers become this uncreative. The uncreativity was an attempt in one of […]

Clouded Flaws

Categories
Uncategorized, WAAS, Web Attacks, webdev

This is a simple discussion based on the demo done at Barcamp 2014. This writeup is based on the problems faced in the implementation of a majority of cloud-based systems, especially those offered as SaaS. Some of the issues highlighted here are: Session Management Failures; Poor Coding Practices (Non Secure SDLC); Failed Business Continuity […]

Business Continuity Failures

Categories
Uncategorized, Web Attacks, webdev

Everyone loves good backup systems that ensure that, in the event of anything, you are back to business ASAP. This, however, can be your biggest downfall if done wrong. As of yesterday (2014-10-09), the WordPress Ready! Backup Plugin has this done wrong by breaking two rules of the web: Logging Backup Process to a Web Viewable Interface on […]

Identifying Scam Sites (Payvilla Review)

Categories
Uncategorized, Web Attacks

There have been a lot of links referring to payvilla.com, but are they real? This article is one to help identify scam sites. Common and consistent flaws: No security certificate, yet it handles jobs and payments; even Facebook is merely a social network, but they went through the trouble. Dingy ads at the bottom under […]

XAMPP 1.7.3 Heisting

Categories
Uncategorized, WAAS, Web Attacks

Due to the increase in web application exfiltration of data, it would be prudent to show a simple scenario in which this kind of attack would suffice. This is to show a vulnerability within the WebDAV service on XAMPP 1.7.3. Let’s assume the setup below as a simple lab: a banking system application in PHP hosted on […]