Blog

Regshot

What is Regshot? Registry Shot, or simply Regshot, is one of the Windows process utility tools available on the Sysinternals website. It is used to take a snapshot (not a picture), that is, a copy of the system registry information, and compare it with another snapshot of the system registry after some changes have been made to […]

Testing SMTP

SMTP stands for Simple Mail Transfer Protocol. SMTP is a TCP protocol and uses port 25 by default. SMTP is used to transfer mail from one user to another user or to multiple users. SMTP is a connection-oriented, text-based protocol, because a mail sender communicates with the mail receiver by issuing command strings […]

Network Time Protocol (NTP)

The Network Time Protocol is a protocol used to synchronize computer clock times across a network of computers. NTP uses port 123 and is a UDP protocol. NTP uses Coordinated Universal Time (UTC) to synchronize computer clock times to within milliseconds, and sometimes fractions of a millisecond. UTC is obtained […]

DNS (Domain Name System)

DNS, the Domain Name System, is a hierarchical distributed naming system for computers, services, or any resource connected to the internet or a private network. DNS converts hostnames to IP addresses and vice versa. DNS can be quickly updated, allowing a service’s location on the network to change without affecting the end […]

DNS Spoofing and DNS Snooping

Spoofing: Spoofing means replacing the original information with fake information. DNS Spoofing: Normally, if a user requests anything, the request first goes to the DNS server and then the user gets a response back. DNS spoofing is a type of man-in-the-middle attack; it forces the victim to go to a fake website. In DNS […]

Broken Authentication and Session Management

Introduction: Proper authentication and session management is critical to web application security. Flaws in this area most frequently involve the failure to protect credentials and session tokens through their lifecycle. These flaws can lead to the hijacking of user or administrative accounts, undermine authorization and accountability controls, and cause privacy violations. What is Broken Authentication and […]

OWASP Mobile Application Top 10 Risks

The top ten mobile application vulnerabilities are: Insecure Data Storage, Weak Server Side Control, Insufficient Transport Layer Protection, Client Side Injection, Poor Authorization and Authentication, Improper Session Handling, Security Decisions via Untrusted Inputs, Side Channel Leakage, Broken Cryptography, and Sensitive Information Disclosure. Insecure Data Storage: It occurs when the developer assumes that users won't access the file […]

Unvalidated Redirects And Forwards

Unvalidated redirects and forwards occur when a web application accepts untrusted input that could cause it to redirect the request to an untrusted website. By modifying untrusted URL input to point to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Web applications frequently redirect and forward users to […]