Questions tagged [penetration-testing]

This tag is for questions that involve black box security testing of applications and/or networks. Questions that involve vulnerability scanning, offensive security, exploit development, etc., might fall under this tag.

343 votes, 8 answers, 449k views

What is "X-Content-Type-Options=nosniff"?

I am doing some penetration testing on my localhost with OWASP ZAP, and it keeps reporting this message: The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff' This ...
87 votes, 5 answers, 45k views

Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan

I need to remove excessive headers (primarily to pass penetration testing). I have spent time looking at solutions that involve running UrlScan, but these are cumbersome as UrlScan needs to be ...
33 votes, 3 answers, 63k views

Adding authentication in ZAP tool to attack a URL

How do I pass authentication details to the ZAP tool to scan the website? Please help me to solve the problem.
21 votes, 2 answers, 6k views

How to SECURE my FLUTTER Mobile Application? (Flutter App Penetration Testing Result)

Where can I get Flutter App security documentation or best practice? I am nearly ready to publish my app. I use the online (free version) https://www.ostorlab.co/report/ and check the security of my app. ...
13 votes, 3 answers, 8k views

Security vulnerability testing tool for .NET web applications? [closed]

I am planning to check my website against all common security vulnerabilities like cross-site scripting, SQL injection, etc. Can somebody tell me whether there is any automated tool which I can run for my .NET ...
12 votes, 5 answers, 12k views

Penetration Testing vs Other Security Testing

I do not know the difference between penetration testing and other forms of security testing. Could anyone experienced in that area tell me the differences? I would really appreciate it. On the side ...
9 votes, 1 answer, 22k views

Setting Content Security Policy in Apache web server

We had a penetration test and one of the findings was: "Missing Content-Security-Policy HTTP response header" We did a bit of research and found out how to set this in the web server's httpd.conf ...
8 votes, 3 answers, 16k views

Preparing an ASP.Net website for penetration testing

Over the years I have had a few of the websites I have developed submitted for penetration testing by clients. Most of the time the issues that are highlighted when the results return relate to the ...
7 votes, 2 answers, 293 views

Can an end user contact the SQL DB if he can write his own JavaScript?

I have a website on which I let the user edit the frontend of the website. The user only has access to an editor, not to the server it's hosted on. The user asked me to also allow JavaScript. This ...
7 votes, 2 answers, 6k views

How to pass user credentials through Wapiti Web Application Vulnerability Scanner

I would like to test our web application with the Wapiti scanner. In my scenario, I am assuming the attacker would be an authenticated user. How do I configure Wapiti to use a specific username and ...
7 votes, 1 answer, 2k views

Is it possible to spoof or reuse VIEWSTATE or detect if it is protected from modification?

Question ASP and ASP.NET web applications use a value called VIEWSTATE in forms. From what I understand, this is used to persist some kind of state on the client between requests to the web server. ...
7 votes, 2 answers, 1k views

XSS - Which browsers automatically escape URLs in the address bar?

I have been performing some XSS / JavaScript-injection / penetration-testing on my ASP.NET site recently and noticed that modern web browsers (i.e. latest FF and Chrome) are escaping the URLs entered ...
6 votes, 12 answers, 6k views

Which of these scripting languages is more appropriate for pen-testing? [closed]

First of all, I want to avoid a flame-war on languages. The languages to choose from are Perl, Python and Ruby. I want to mention that I'm comfortable with all of them, but the problem is that I can'...
6 votes, 1 answer, 363 views

Controlling SQL Server's best-fit Unicode transformation

A recent whitehat scan made me aware of SQL Server's best-fit Unicode transformations. This means that when a string containing Unicode characters is converted to a non-Unicode string, SQL Server ...
6 votes, 2 answers, 8k views

Sqlmap traffic capture

I am trying to understand how SQLmap works. For example, sqlmap finds injection on my site - Place: GET Parameter: selected Type: UNION query Title: MySQL UNION query (NULL) - 5 columns ...
5 votes, 4 answers, 11k views

How do I provide stdin inputs from command line?

I am trying to perform a buffer overflow attack on a program for a class assignment. Both the attack program and the vulnerable program are written by me. The vulnerable code uses scanf to ...
5 votes, 1 answer, 5k views

Penetration testers say that the .ASPXAUTH cookie is insecure and is displaying session data?

I thought the .ASPXAUTH was for user authentication? Can anyone confirm if this cookie is indeed a security risk and/or contains session information? Is it even supposed to be used or is it some debug ...
5 votes, 2 answers, 2k views

Where can I find an exhaustive list of web attack strings [closed]

I'm looking for exhaustive list(s) of web attack strings, which includes as many possible injection strings as possible, including SQLi, XSS, XPATH injections, SSIs, etc. Preferably encoded in ...
5 votes, 1 answer, 2k views

Conditional/Executable Comments in MySQL/SQL Server

Before I begin, I realize that what I'm attempting is bizarre and hackish. It's just for an isolated pen test, specifically SQL Injection. What I need to do is write a SQL statement that behaves ...
4 votes, 1 answer, 12k views

OWASP's ZAP and the Fuzz ability

My scenario: I navigate to a login page. I put in a known username with a bad password. ZAP picks this up no issue. I select the POST to the login page. I find the lines that contain the Username ...
4 votes, 1 answer, 8k views

How to install SSL support for Nikto scanner? I am trying to install SSL library dependencies. Help me to achieve it

I have installed Nikto on Ubuntu 12.04. When I am trying to scan targets over SSL, it is saying no SSL support. Please help me configure Nikto. On the Nikto website the line below is written, but not explained....
4 votes, 1 answer, 26k views

Use App Scripts to open form and make a selection

To put this briefly I am testing a Google drive form that will record votes for a school election to ensure that it is secure. Is there a way to open a form from the shared URL and list/input data? ...
4 votes, 3 answers, 2k views

Preventing 'content-sniffing' type vulnerabilities when handling user-uploaded images?

The problem: I work on an internal tool that allows users to upload images - and then displays those images back to them and others. It's a Java/Spring application. I have the benefit of only needing ...
3 votes, 1 answer, 4k views

Enable stack canaries in iOS Swift

I was looking for a way to enable stack canaries for my iOS application in Swift, but then I found that recent versions of Xcode have the flag required to enable stack canaries enabled by default. ...
3 votes, 3 answers, 3k views

Pen testing your MVC application

Here are some of the commonly known practices for securing an MVC application: Encode your output Parameterize your SQL Test your search backwards and forward 1 way hash passwords Lock out accounts or ...
3 votes, 4 answers, 13k views

Is it possible to load BackTrack 5 on Raspberry Pi?

I am thinking about loading BackTrack 5 on the Raspberry Pi and was wondering if this is possible or am I setting myself up for wasting a lot of time? The ARM version of BackTrack 5 is ~1 GB ...
3 votes, 2 answers, 2k views

Pen test blind SQL injection and viewstate error

I have an asp.net web app that's going through a pen test by internal IT. They are using IBM AppScan to run scans against the web app. One of the errors that keeps coming up is viewstate input field ...
3 votes, 2 answers, 2k views

Utilizing ZAP for REST API testing

I'm curious as to how ZAP can be used to test REST APIs in the context of API security. Is it just the OpenAPI add-on that can be used or are there other (more effective) methods?
3 votes, 1 answer, 4k views

Is it fine to use duplicate response header with same value?

I found a response where duplicate headers are used by the application with the same value. Could anyone tell me whether it is a good programming practice, or whether those are used from a security perspective, or ...
3 votes, 1 answer, 2k views

AWS ALB Host Header Attack

I'm trying to find a way to stop a host header attack from happening on my ALB. My load balancer takes care of redirecting port 80 to 443 and that is where the attack is possible. Right now the only ...
3 votes, 1 answer, 167 views

Is there a security concern in RxJS library?

Currently I am working on a project that uses RxJS within the Angular framework. A recent penetration testing report highlighted that the use of window.postMessage(‘’, ‘*’) in the application could lead ...
3 votes, 1 answer, 371 views

WordPress Cookie Security - Persistent Cookie comment_author change to session cookie

Can someone explain to me how I would go about changing the WordPress comment_author cookie expiry tag? I want to delete the 'Expires=' tag to change it to a session cookie. Where would I do this in ...
3 votes, 1 answer, 9k views

Python Windows privilege escalation

So, I want to run a program in administrator mode (UAC). After some digging I found this: import os import types from traceback import print_exc from sys import argv, executable def isUserAdmin(): ...
3 votes, 2 answers, 944 views

Request.PathInfo issues and XSS attacks

I have a couple of websites running on .NET 3.5 still due to an API restriction. We will eventually move these sites to the latest .NET version this year. One of the penetration tests indicated a ...
3 votes, 1 answer, 2k views

Is the Expect-CT HTTP header still relevant in 2021?

We recently had a penetration test performed on our site and one of the recommendations was to implement the Expect-CT HTTP response header: It is recommended to implement the Expect-CT header. A ...
3 votes, 1 answer, 200 views

SQL Server database injection

I have a simple web application in ASP with a SQL Server back-end database. The login page has an injection point and I am able to bypass the login by the usual ` ' OR 1=1 '. Now I was able to ...
2 votes, 2 answers, 5k views

How do I verify a password which is hashed using a random salt?

I am developing a web application. Now from a security perspective, salted hashing is required for the password while it is sent from client to server. Now my problem is, if I randomly generate a ...
2 votes, 2 answers, 900 views

Testing of Web Security

In your experience, what have you found, worked on, or encountered in terms of site vulnerabilities? And what actions did you take to mitigate these issues? This may include XSS (cross site scripting)...
2 votes, 2 answers, 7k views

Request library not found - theHarvester.py

I am newish to programming and following a tutorial on IT security which uses a Python utility called theHarvester to gather email accounts and domains for penetration testing purposes. I have Python ...
2 votes, 3 answers, 4k views

Difference between Red Team, Penetration Testing and Blue Team [closed]

If a corporation includes as "internal entities" all of the following teams: 1) Red Team 2) Penetration Testing Team 3) Blue Team What will be the differences between them? I find some difficulties ...
2 votes, 2 answers, 11k views

Penetration testing for PHP security vulnerabilities [closed]

I am doing an undergrad research paper on "Identifying and Testing security vulnerabilities in websites". Initially I thought I would test manually as I had specified in my methodology that I would ...
2 votes, 2 answers, 10k views

Python scripts with metasploit-framework

I have installed metasploit-framework from git. It's working fine. I have followed the tutorial from Metasploit Framework. Now I would like to add more scripts to this framework, like scripts from Avg ...
2 votes, 3 answers, 64 views

Check if directory is a subdirectory of specific directory

I'm currently developing a Web-App with an SSH-Connection. One Task is that I need to validate if a directory is below the htdocs-dir of the current user. Until now, what I did is checking the ...
2 votes, 1 answer, 4k views

Is SQL injection possible even on a prepared statement

I read many articles on Stack Overflow regarding how SQL injection can be prevented by using prepared statements. But is there any way to do SQL injection even on prepared statements or is it 100% ...
2 votes, 2 answers, 16k views

Get IP address from BSSID

I am doing some penetration testing, and I'm trying to find out if I can get the IP address of a router if I have the BSSID, or anything I can get with the Air tools? I use Kali Linux with the Air tools ...
2 votes, 1 answer, 3k views

Host Header Injection

I am a beginner in security and reading about the host header injection. I tested an application for this vulnerability and it is possible there for some requests, but the developer implemented no-cache, no-...
2 votes, 1 answer, 461 views

How dangerous are the S3 error handling URL parameters?

A website has this form where you can submit a file. There's an error in which, when you try to access the file before uploading it, you get this fallback from S3. Of what severity would you consider ...
2 votes, 1 answer, 114 views

Signing an APK. Is this a measure of securing against penetration attacks?

My questions: When I am signing my APK for release, is a checksum number created for securing my APK against penetration attacks? So if someone gets his hands on my APK and is able to open it and ...
2 votes, 2 answers, 1k views

Writing to directory with 777 permission

It is usually said that if a directory has 777 permission, the world can write to it hence it is not supported. Suppose I have domain like abc.com/DIR DIR is the directory and has 777 permission, ...
2 votes, 1 answer, 1k views

drools spreadsheet - input validation of spreadsheet rules

I'm currently investigating designing a business solution that uses the drools decision table spreadsheet format (link to jboss drools documentation). A business user would own and maintain the rules ...