Security
VNCInjection with courtesy shell enabled, by default

Metasploit 101 with Meterpreter Payload

The Metasploit framework is well known in the realm of exploit development. It is a standalone tool for security researchers, penetration testers and IDS/IPS developers. As of now, it has 640 exploit definitions…

Secured!

Securing Apache, Part 6: Attacks on Session Management

In this part of the series, we are going to concentrate on attacks on session management. Application-level attacks on the session is about obtaining or manipulating the session ID without any prior information…

Secured!

Securing Apache, Part 5: HTTP Message Architecture

In the last four articles in this series, we have discussed SQL injection, XSS, CSRF, XST and XSHM attacks, and security solutions. This article focuses on attacks exploiting the HTTP message architecture in…

Wi-Fi penetration testing

Aircrack-ng: Wi-Fi Troubleshooting, Auditing and Cracking Made Easy

Wi-Fi technology has today become almost ubiquitous for wireless local area networks at offices, restaurants, homes, airports, hotels, etc. However, with increased Wi-Fi usage and awareness, hackers (or, rather, crackers) are exploiting the…

File uploads

Secure Upload Methods in PHP

Here’s how to deal with file upload attacks against sites developed in PHP, and how to write more secure code to prevent these attacks. In most Web applications, developers provide upload file functionality…

Locked up!

Securing Apache, Part 4: Cross-site Tracing (XST) & Cross-site History Manipulation (XSHM)

This series of articles addresses the Web security concerns of information security experts, systems administrators and all those who want to jump-start their careers in this domain. This time we will delve deeper…

The user interface of msfconsole

Metasploit: The Exploit Framework for Penetration Testers

Today, the Metasploit Framework is considered the single most useful auditing tool that is freely available to security professionals and penetration testers. It has a wide array of commercial-grade exploits, an extensive exploit-development…

Security measures

Securing Apache, Part 2: XSS Injections

In the previous article in this series, we started our journey to a secured Apache by dissecting its internals. We then looked at various attacks against Web applications via injection flaws, beginning with…

Lock it up!

Securing Apache, Part 1: The Basics

Targeted at readers with Web security concerns, information security experts, systems administrators and all those who want to jump-start their careers in Web security, this series of articles intends to cover the strengthening…

All published articles are released under Creative Commons Attribution-NonCommercial 3.0 Unported License, unless otherwise noted.
Open Source For You is powered by WordPress, which gladly sits on top of a CentOS-based LEMP stack.

Creative Commons License.