Questions tagged [penetration-testing]
This tag is for questions that involve black box security testing of applications and/or networks. Questions that involve vulnerability scanning, offensive security, exploit development, etc., might fall under this tag.
374 questions
343 votes, 8 answers, 449k views
What is "X-Content-Type-Options=nosniff"?
I am doing some penetration testing on my localhost with OWASP ZAP, and it keeps reporting this message:
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to
'nosniff'
This ...
87 votes, 5 answers, 45k views
Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan
I need to remove excessive headers (primarily to pass penetration testing). I have spent time looking at solutions that involve running UrlScan, but these are cumbersome as UrlScan needs to be ...
33 votes, 3 answers, 63k views
Adding authentication in ZAP tool to attack a URL
How do I pass authentication details to the ZAP tool to scan the website? Please help me to solve the problem.
21 votes, 2 answers, 6k views
How to SECURE my FLUTTER Mobile Application? (Flutter App Penetration Testing Result)
Where can I get Flutter App security documentation or best practice? I am nearly ready to publish my app.
I use the online (free version) https://www.ostorlab.co/report/ to check the security of my app.
...
13 votes, 3 answers, 8k views
Security vulnerability testing tool for .NET web applications? [closed]
I am planning to check my website against all common security vulnerabilities like cross-site scripting, SQL injection, etc. Can somebody tell me whether there is any automated tool which I can run for my .net ...
12 votes, 5 answers, 12k views
Penetration Testing vs Other Security Testing
I do not know the difference between penetration testing and other forms of security testing. Could anyone experienced in that area tell me the differences? I would really appreciate it.
On the side ...
9 votes, 1 answer, 22k views
Setting Content Security Policy in Apache web server
We had a penetration test and one of the findings was:
"Missing Content-Security-Policy HTTP response header"
We did a bit of research and found out how to set this in the web server's httpd.conf ...
8 votes, 3 answers, 16k views
Preparing an ASP.Net website for penetration testing
Over the years I have had a few of the websites I have developed submitted for penetration testing by clients. Most of the time the issues that are highlighted when the results return relate to the ...
7 votes, 2 answers, 293 views
Can an end user contact the SQL DB if he can write his own JavaScript?
I have a website on which I let the user edit the frontend of the website.
The user only has access to an editor, not to the server it's hosted on.
The user asked me to also allow JavaScript.
This ...
7 votes, 2 answers, 6k views
How to pass user credentials through Wapiti Web Application Vulnerability Scanner
I would like to test our web application with the Wapiti scanner. In my scenario, I am assuming the attacker would be an authenticated user. How do I configure Wapiti to use a specific username and ...
7 votes, 1 answer, 2k views
Is it possible to spoof or reuse VIEWSTATE or detect if it is protected from modification?
Question
ASP and ASP.NET web applications use a value called VIEWSTATE in forms. From what I understand, this is used to persist some kind of state on the client between requests to the web server.
...
7 votes, 2 answers, 1k views
XSS - Which browsers automatically escape URLs in the address bar?
I have been performing some XSS / JavaScript-injection / penetration-testing on my asp.net site recently and noticed that modern web browsers (i.e. latest FF and Chrome) are escaping the URLs entered ...
6 votes, 12 answers, 6k views
Which of these scripting languages is more appropriate for pen-testing? [closed]
First of all, I want to avoid a flame-war on languages. The languages to choose from are Perl, Python and Ruby. I want to mention that I'm comfortable with all of them, but the problem is that I can'...
6 votes, 1 answer, 363 views
Controlling SQL Server's best-fit Unicode transformation
A recent whitehat scan made me aware of SQL Server's best-fit Unicode transformations. This means that when a string containing Unicode characters is converted to a non-Unicode string, SQL Server ...
6 votes, 2 answers, 8k views
Sqlmap traffic capture
I am trying to understand how SQLmap works.
For example, sqlmap finds an injection on my site:
Place: GET
Parameter: selected
Type: UNION query
Title: MySQL UNION query (NULL) - 5 columns
...
5 votes, 4 answers, 11k views
How do I provide stdin inputs from command line?
I am trying to perform a buffer overflow attack on a program for a class assignment. Both the attack program and the vulnerable program were written by me.
The vulnerable code uses scanf to ...
5 votes, 1 answer, 5k views
Penetration testers say that the .ASPXAUTH cookie is insecure and is displaying session data?
I thought the .ASPXAUTH cookie was for user authentication? Can anyone confirm if this cookie is indeed a security risk and/or contains session information? Is it even supposed to be used or is it some debug ...
5 votes, 2 answers, 2k views
Where can I find an exhaustive list of web attack strings [closed]
I'm looking for exhaustive list(s) of web attack strings, which include as many possible injection strings as possible, including SQLi, XSS, XPath injections, SSIs, etc. Preferably encoded in ...
5 votes, 1 answer, 2k views
Conditional/Executable Comments in MySQL/SQL Server
Before I begin, I realize that what I'm attempting is bizarre and hackish. It's just for an isolated pen test, specifically SQL Injection.
What I need to do is write a SQL statement that behaves ...
4 votes, 1 answer, 12k views
OWASP's ZAP and the Fuzz ability
My scenario:
I navigate to a login page.
I put in a known username with a bad password.
ZAP picks this up no issue.
I select the POST to the login page.
I find the lines that contain the Username ...
4 votes, 1 answer, 8k views
How to install SSL support for the Nikto scanner? I am trying to install the SSL library dependencies. Help me to achieve it.
I have installed Nikto on Ubuntu 12.04. When I am trying to scan targets over SSL, it is saying no SSL support. Please help me configure Nikto.
On the Nikto website the below line is written, but not explained....
4 votes, 1 answer, 26k views
Use App Scripts to open form and make a selection
To put this briefly, I am testing a Google Drive form that will record votes for a school election to ensure that it is secure.
Is there a way to open a form from the shared URL and list/input data? ...
4 votes, 3 answers, 2k views
Preventing 'content-sniffing' type vulnerabilities when handling user-uploaded images?
The problem:
I work on an internal tool that allows users to upload images - and then displays those images back to them and others.
It's a Java/Spring application. I have the benefit of only needing ...
3 votes, 1 answer, 4k views
Enable stack canaries in iOS Swift
I was looking for a way to enable stack canaries for my iOS application in Swift, but then I found that recent versions of Xcode have the flag required to enable stack canaries enabled by default. ...
3 votes, 3 answers, 3k views
Pen testing your MVC application
Here are some of the commonly known practices for securing an MVC application:
Encode your output
Parameterize your SQL
Test your search backwards and forward
1 way hash passwords
Lock out accounts or ...
3 votes, 4 answers, 13k views
Is it possible to load BackTrack 5 on Raspberry Pi?
I am thinking about loading BackTrack 5 on the Raspberry Pi and was wondering if this is possible or am I setting myself up for wasting a lot of time?
The ARM version of BackTrack5 is ~1 GB ...
3 votes, 2 answers, 2k views
Pen test blind SQL injection and viewstate error
I have an asp.net web app that's going through a pen test by internal IT. They are using IBM AppScan to run scans against the web app. One of the errors that keeps coming up is viewstate input field ...
3 votes, 2 answers, 2k views
Utilizing ZAP for RESTAPI testing
I'm curious as to how ZAP can be used to test REST APIs in the context of API security. Is it just the OpenAPI add-on that can be used or are there other (more effective) methods?
3 votes, 1 answer, 4k views
Is it fine to use a duplicate response header with the same value?
I found a response where duplicate headers are used by the application with the same value. Could anyone tell me whether it is a good programming practice or whether those are used from a security perspective or ...
3 votes, 1 answer, 2k views
AWS ALB Host Header Attack
I'm trying to find a way to stop a host header attack from happening on my ALB. My load balancer takes care of redirecting port 80 to 443 and that is where the attack is possible. Right now the only ...
3 votes, 1 answer, 167 views
Is there a security concern in RxJS library?
Currently I am working on a project that uses RxJS within the Angular framework. A recent penetration testing report highlighted that the use of window.postMessage('', '*') in the application could lead ...
3 votes, 1 answer, 371 views
WordPress Cookie Security - Persistent Cookie comment_author change to session cookie
Can someone explain to me how I would go about changing the WordPress comment_author cookie expiry tag? I want to delete the 'Expires=' tag to change it to a session cookie.
Where would I do this in ...
3 votes, 1 answer, 9k views
Python Windows privilege escalation
So, I want to run a program in administrator mode (UAC).
After some digging I found this:
import os
import types
from traceback import print_exc
from sys import argv, executable
def isUserAdmin():
...
3 votes, 2 answers, 944 views
Request.PathInfo issues and XSS attacks
I have a couple of websites running on .NET 3.5 still due to an API restriction. We will eventually move these sites to the latest .NET version this year. One of the penetration tests indicated a ...
3 votes, 1 answer, 2k views
Is the Expect-CT HTTP header still relevant in 2021?
We recently had a penetration test performed on our site and one of the recommendations was to implement the Expect-CT HTTP response header:
It is recommended to implement the Expect-CT header. A ...
3 votes, 1 answer, 200 views
SQL Server database injection
I have a simple web application in ASP with a SQL Server back-end database. The login page has an injection point and I am able to bypass the login by the usual
' OR 1=1 '. Now I was able to ...
2 votes, 2 answers, 5k views
How do I verify a password which is hashed using a random salt?
I am developing a web application. Now, from a security perspective, salted hashing is required for the password while it is sent from client to server.
Now my problem is, if I randomly generate a ...
2 votes, 2 answers, 900 views
Testing of Web Security
In your experience, what have you found, worked on, or encountered in terms of site vulnerabilities? And what actions did you take to mitigate these issues?
This may include XSS (cross site scripting)...
2 votes, 2 answers, 7k views
Request library not found - theHarvester.py
I am newish to programming and following a tutorial on IT security which uses a Python utility called theHarvester to gather email accounts and domains for penetration testing purposes.
I have python ...
2 votes, 3 answers, 4k views
Difference between Red Team, Penetration Testing and Blue Team [closed]
If a corporation includes as "internal entities" all of the following teams:
1) Red Team
2) Penetration Testing Team
3) Blue Team
What will be the differences between them? I find some difficulties ...
2 votes, 2 answers, 11k views
Penetration testing for PHP security vulnerabilities [closed]
I am doing an undergrad research paper on "Identifying and Testing security vulnerabilities in websites". Initially I thought I would test manually, as I had specified in my methodology that I would ...
2 votes, 2 answers, 10k views
Python scripts with metasploit-framework
I have installed metasploit-framework from git. It's working fine. I have followed the tutorial from Metasploit Framework.
Now I would like to add more scripts to this framework, like scripts from Avg ...
2 votes, 3 answers, 64 views
Check if directory is a subdirectory of specific directory
I'm currently developing a Web-App with an SSH-Connection.
One Task is that I need to validate if a directory is below the htdocs-dir of the current user.
Until now, what I did is checking the ...
2 votes, 1 answer, 4k views
Is SQL injection possible even on a prepared statement?
I read many articles on Stack Overflow regarding how SQL injection can be prevented by using prepared statements.
But is there any way to do SQL injection even on prepared statements or is it 100% ...
2 votes, 2 answers, 16k views
Get IP address from BSSID
I am doing some penetration testing, and I'm trying to find out if I can get the IP address of a router if I have the BSSID, or anything I can get with the Air tools?
I use Kali Linux with the Air tools ...
2 votes, 1 answer, 3k views
Host Header Injection
I am a beginner in security and reading about host header injection. I tested an application for this vulnerability and it is possible there for some requests, but the developer implemented no-cache, no-...
2 votes, 1 answer, 461 views
How dangerous are the S3 error handling URL parameters?
A website has this form where you can submit a file. There's an error in which, when you try to access the file before uploading it, you get this fallback from S3. Of what severity would you consider ...
2 votes, 1 answer, 114 views
Signing an apk. Is this a measure of securing against penetration attacks?
My questions:
When I am signing my apk for release, is a checksum number created for securing my apk against penetration attacks?
So if someone gets his hands on my apk and is able to open it and ...
2 votes, 2 answers, 1k views
Writing to directory with 777 permission
It is usually said that if a directory has 777 permissions, the world can write to it, hence it is not supported.
Suppose I have domain like abc.com/DIR
DIR is the directory and has 777 permission, ...
2 votes, 1 answer, 1k views
Drools spreadsheet - input validation of spreadsheet rules
I'm currently investigating designing a business solution that uses the Drools decision table spreadsheet format (link to JBoss Drools documentation). A business user would own and maintain the rules ...