What is Cross-Site Scripting (XSS)?
1. What is Cross Site Scripting? Cross Site Scripting (Cross Site Scripting, XSS) is a Web application attack in the data output to the page when there is a problem,...
Category: Web Vulnerability Analysis
XSS Jacking: new XSS attack that combines hijacking, Self-XSS, copy and paste hijacking
XSS Jacking is a new XSS attack by Dylan Ayrey that can steal sensitive information from the victim. XSS Jacking requires three paired with other technologies, are clicking hijacking, hijacking...
XPath Injection & Blind XPath Injection Vulnerability
XPath Injection Similar to SQL injection, XPath injection occurs when the site uses the information entered by the user to construct the request for XML data. An attacker sends specially...
CSP – Content Security Policy
CSP (Content Security Policy) is mainly used to define which resources page (JS / CSS / FONT / IFRAME / XHR / …) can be loaded, can effectively play the...
PenQ – The Security Testing Browser Bundle
PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web...
What is Server Side Template Injection (SSTI)?
The web application uses templates to make the web pages look more dynamic. Server Side Template Injection occurs when user input is embedded in a template in an unsafe manner....
WMAP: Web Vulnerability Scan on Metasploit
Introduce The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open...
What is NoSQL injection?
What is NoSQL? NoSQL often translated as Not only SQL, is a type of database that does not use the traditional SQL interface and usually does not store its...
The Top 8 Burp Suite Extensions
Burp Suite is an integrated platform for attacking web applications. It contains a number of tools, and for these tools to design a number of interfaces to accelerate the process...
Finding and exploiting Cross-site request forgery (CSRF)
Introduce Cross-site request forgery [CSRF], also known as a one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of...
jsprime: a javascript static security analysis tool for finding DOM-XSS
Both in the traditional PC Web platform or mobile terminal platform, client-side or server-side, the JavaScript fairly good performance and reflect the rich framework to support, so it as a...
Penetration Testing in the Real World
A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it...
Penetration-Testing-Toolkit: A web interface to automate Penetration Testing
Penetration Testing Toolkit A web interface to automate Scanning, Generating metasploit payload, Network Testing,Exploring CMS,Information Gathering,DNS Queries,IP Tools,Domain tools and much more. Features Includes web interface for different tools for...
vscan: vulnerability scanner tool using nmap and nse scripts
Introduction nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine to scan single...
Vane: open source WordPress Vulnerability Scanning
Vane is a vulnerability scanner that scans WordPress for all webmasters to scan for WordPress vulnerabilities and find and fix problems before they go live. It is a great WordPress...
