Saturday, 30 May 2020

Security and the Cloud

Security and the cloud: Since this is a certification exam on security and not just on memorization of cloud-based terminology, it is important to recognize the security issues associated with cloud computing. Two you should know for the exam are multitenancy and laws and regulations: Multitenancy: One of the ways cloud computing is able to obtain cost efficiencies is …

Databases and Technology

Databases & Technology: One key reason why computers are installed is for their ability to store, access, and modify data. The primary tool for data management is the database. Databases have become increasingly sophisticated, and their capabilities have grown dramatically over the last 10 years. This growth has created opportunities to view data in new ways; it has also created …

Identifying Critical Systems and Components

Identifying Critical Systems & Components: Sometimes your systems are dependent on things that you would not normally consider. Basic utilities such as electricity, water, and natural gas are key aspects of business continuity. In the vast majority of cases, electricity and water are restored, at least on an emergency basis, fairly rapidly. The damage created by blizzards, tornadoes, and other natural disasters, …

Risks Associated with Cloud Computing

Risks with Cloud Computing: The term cloud computing has grown in popularity recently, but few agree on what it truly means. For the purpose of the Security+ Exam, cloud computing means hosting services and data on the Internet instead of hosting them locally. Some examples of this include running office suite applications such as Office 365 or Google Docs from …

Risks Associated with Virtualization

Risks Associated with Virtualization: If cloud computing has grown in popularity, virtualization has become the technology du jour. Virtualization consists of allowing one set of hardware to host multiple virtual machines. It is in use at most large corporations, and it is also becoming more common at smaller businesses. Some of the possible security risks associated with virtualization include the …

Burp Suite

Burp Suite: For our purposes, we will use Burp Suite Intercept (or just Burp for short) as our proxy, as it is widely viewed as one of the most feature-rich web hacking platforms available. We will be using many tools in Burp Suite throughout the duration of our hacking approach. Burp Suite is available in BackTrack, but for more …

BRUTE FORCE AUTHENTICATION ATTACKS

Brute Force Attacks: Authentication actually takes place in many parts of the web application other than the main login page. It is also present when you change your password, update your account information, use the password recovery functionality, answer secret questions, and use the remember me option. If any of the other authentication processes is flawed, the security …

Operating System Command Injection Vulnerabilities

O/S Command Injection Vulnerabilities: Another attack vector that is part of injection is operating system command injection. This occurs when a hacker is able to dictate what system-level commands (commonly bash in Linux or cmd.exe in Windows) are run on the web server. In most cases, a hacker will append a malicious system command to an existing command …

USING NMAP TO PERFORM AN XMAS SCAN

XMAS SCAN: In the computer world, a request for comments (RFC) is a document that contains either notes or the technical specifications covering a given technology or standard. RFCs can provide us with a tremendous amount of detail about the inner workings of a particular system. Because RFCs describe the technical details of how a system should work, attackers and …

Looking Closely at Web Servers

Web Servers: Before we can get into the process of analyzing and hacking web servers as well as applications, we must look at the web servers themselves. In the simplest terms, a web server is a software package that is designed to deliver files and content over HTTP. These files are delivered in response to requests that come from clients …
