Wednesday, January 20, 2010

Terms used in Security Testing



A few terms that are frequently used in web application security testing:



What is “Vulnerability”?

This is a weakness in the web application that an attacker can exploit. Such a weakness is usually caused by a bug or design flaw in the application (for example, user input that is placed into a database query or a web page without validation or encoding) or by insecure configuration of the server it runs on. SQL injection and script injection are attacks that exploit such weaknesses; they are the consequence of a vulnerability, not its cause.



What is “URL manipulation”?

Some web applications pass additional information between the client (browser) and the server in the URL, for example as query-string parameters such as a record id, a price or a user role. Because the URL is entirely under the client's control, changing this information may lead to unintended behaviour by the server, such as returning another user's data or skipping a step in a workflow, unless the server validates the values and checks the user's authorization on every request rather than trusting what the URL says.
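As an added example (not part of the original post), here is the kind of check that decides whether URL manipulation works. The account table, the URLs and the user names are constructed for illustration. The first handler trusts the account id from the URL; the second looks the record up and then verifies ownership against the server-side session before returning it.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: account id -> record, with the owning login name.
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": 250},
    "1002": {"owner": "bob", "balance": 9000},
}


def account_id_from_url(url):
    """Extract the 'account' query parameter, e.g. ...?account=1001 -> '1001'."""
    params = parse_qs(urlparse(url).query)
    return params.get("account", [None])[0]


def statement_vulnerable(url, session_user):
    # Trusts the id in the URL. A logged-in user who edits account=1001 to
    # account=1002 in the address bar receives bob's statement.
    acct = account_id_from_url(url)
    return ACCOUNTS.get(acct)


def statement_safe(url, session_user):
    # The id still comes from the URL, but the record is only returned if it
    # belongs to the user identified by the server-side session. A missing
    # record and a record owned by someone else look the same to the caller,
    # so the response does not reveal which account ids exist.
    acct = account_id_from_url(url)
    record = ACCOUNTS.get(acct)
    if record is None or record["owner"] != session_user:
        return None
    return record


if __name__ == "__main__":
    tampered = "https://bank.example/statement?account=1002"  # alice edits the id
    print("vulnerable:", statement_vulnerable(tampered, "alice"))
    print("safe:      ", statement_safe(tampered, "alice"))
```

The fix is not in the URL parsing: the same parameter is read in both handlers. It is the authorization check against state the client cannot edit (the session) that removes the weakness.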



What is “SQL injection”?

This is the process of inserting SQL statements through the web application's user interface into a query that the server then executes. It works when the application builds the query by concatenating user input into the SQL text, so that quotes, comment markers or keywords in the input change the structure of the query instead of being treated as plain data.



What is “XSS (Cross Site Scripting)”?

When a user inserts HTML or client-side script through the user interface of a web application and the application returns it to other users' browsers without encoding it, so that the script runs in their sessions, it is called XSS. In stored XSS the payload is saved by the server (for example in a comment or profile field) and served to every later visitor; in reflected XSS it is returned immediately in the response to the request that carried it (for example in a search result or error message).
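As an added example (not from the original post), the snippet below renders a user-supplied comment and profile title into a page template. The template and the two payloads are constructed. The vulnerable renderer pastes the text straight into the markup; the safe one encodes it for the HTML body and for a double-quoted attribute, which is why `quote=True` matters.

```python
import html

# Constructed page template: one user value in element content, one in an attribute.
PAGE = (
    '<html><body><p>Latest comment:</p><div class="comment">{body}</div>'
    '<a title="{title}" href="/profile">profile</a></body></html>'
)

# Constructed payloads: one targets element content, one breaks out of an attribute.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(1)'


def render_vulnerable(comment, title):
    # User text becomes markup. Everyone who later views the page executes it
    # in their own session: stored XSS.
    return PAGE.format(body=comment, title=title)


def render_safe(comment, title):
    # html.escape turns < > & " ' into entities, so the browser displays the
    # text instead of parsing it. Without quote=True the '"' in ATTR_PAYLOAD
    # would close title="..." and start a new onmouseover attribute.
    return PAGE.format(
        body=html.escape(comment, quote=True),
        title=html.escape(title, quote=True),
    )


def demo():
    return {
        "vulnerable": render_vulnerable(SCRIPT_PAYLOAD, ATTR_PAYLOAD),
        "safe": render_safe(SCRIPT_PAYLOAD, ATTR_PAYLOAD),
    }


if __name__ == "__main__":
    for case, page in demo().items():
        print(f"{case}:\n  {page}\n")
```

Encoding is context specific: this handles element content and quoted attribute values. Data placed inside a `<script>` block or a URL needs the encoding rules of that context instead, and an allow-list of tags is needed if users are meant to post formatted HTML.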

Friday, January 15, 2010

What is 128-bit Secure Socket Layer?




SSL stands for "Secure Sockets Layer". It is a protocol designed to enable applications to transmit information back and forth securely. Applications that use this protocol know how to agree on encryption keys with each other and how to encrypt and decrypt the data sent between the two. SSL has been universally accepted on the World Wide Web for authenticated and encrypted communication between the customer's computer and servers. The "128-bit" in "128-bit SSL" is the length of the symmetric session key that the two sides agree on for one connection; the much longer public key in the server's certificate is used only to authenticate the server and to protect that key agreement. (SSL has since been superseded by its successor, TLS, which works in the same way; SSL 2.0 and 3.0 themselves are now considered insecure and should be disabled.)

Some applications that are configured to use SSL include web browsers like Internet Explorer and Netscape, email programs like GroupWise, Outlook, and Outlook Express, FTP (file transfer protocol) programs, etc. These programs act as SSL clients: they can open an SSL connection to any server that offers one, without needing a certificate of their own.


To accept an SSL connection, however, a server application must first have a key pair and a certificate. The server generates its own public/private key pair; a Certification Authority (CA) then signs a certificate that binds the public key to the server's name. The private key never leaves the server, and the CA never sees it. Once the server has its certificate, any client that "speaks" SSL and trusts that CA can establish an authenticated, encrypted connection to it.
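The following added example (not from the original post) shows the modern TLS counterpart of this post using Python's standard ssl module. It builds two client contexts: the common insecure shortcut that switches certificate verification off, and a hardened one that requires a trusted certificate, refuses protocol versions older than TLS 1.2 and accepts only forward-secret suites with 128- or 256-bit AEAD ciphers. A summary function reports what each context will negotiate, so the "128-bit" figure can be checked rather than assumed. No network connection is made.

```python
import ssl


def insecure_client_context():
    # The shortcut often used to silence certificate errors. The link is still
    # encrypted, but any server, including one in the middle, is accepted,
    # so the encryption protects nothing against an active attacker.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context():
    # create_default_context() already verifies the certificate chain against
    # the system trust store and checks the hostname; tighten the rest.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL 3.0, TLS 1.0/1.1 retired
    # ECDHE key exchange (forward secrecy) with AES-GCM or ChaCha20-Poly1305.
    # TLS 1.3 suites are governed separately and are all at least 128-bit.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5")
    return ctx


def context_summary(ctx):
    """Plain-data report of what a context will negotiate."""
    # strength_bits is the effective symmetric key length of each suite:
    # the number that "128-bit SSL" refers to.
    strengths = {c["name"]: c["strength_bits"] for c in ctx.get_ciphers()}
    return {
        "min_version": ctx.minimum_version.name,
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "check_hostname": ctx.check_hostname,
        "weak_ciphers": sorted(n for n, bits in strengths.items() if bits < 128),
        "weakest_bits": min(strengths.values()),
    }


if __name__ == "__main__":
    print("insecure:", context_summary(insecure_client_context()))
    print("hardened:", context_summary(hardened_client_context()))
```

To use the hardened context, wrap a socket with `ctx.wrap_socket(sock, server_hostname="example.com")`; the hostname argument is what `check_hostname` compares against the certificate.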
 
Regards,
Bharath

Monday, January 4, 2010

Unix Basic Commands


Use the following commands to help you manage your UNIX account.


IMPORTANT: The UNIX (Ultrix) operating system is case sensitive. All commands must be typed in lower-case letters unless noted otherwise.



Displaying a Directory



ls-- Lists the names of files in a particular UNIX directory. If you type the ls command with no parameters or qualifiers, the command displays the files listed in your current working directory. When you give the ls command, you can add one or more modifiers to get additional information.



Example: ls



Result: Lists the names of files in your default directory, in alphabetical order.



Example: ls -l
Result: Gives a "long listing" of the files in your directory. In addition to the file name, the long listing shows the permissions (protection information), the file's owner, its size in bytes, and the date and time of the last change to the file.

Example: ls -a

Result: Causes all your files to be listed, including those files that begin with a period (i.e., hidden files).


For more information, type man ls at the UNIX system prompt.

Displaying and Concatenating (Combining) Files



more--

Enables examination of a continuous text one screenful at a time on a terminal. It normally pauses after each screenful, printing --More-- at the bottom of the screen. Press Return to display one more line, press the spacebar to display another screenful, and press q to stop displaying the file.


Example: more newfile


Result: Displays the contents of “newfile” one screen ("page") at a time.

For more information about this command, type man more at the UNIX system prompt.

cat-- Displays the contents of a file on your terminal.

Example: cat newfile

Result: Displays the contents of the file “newfile” on your terminal.


Example: cat newfile oldfile

Result: Displays the contents of two files -- “newfile” and “oldfile” -- on your terminal as one continuous display.

While a file is being displayed, you can interrupt the output by pressing Ctrl-C and return to the UNIX system prompt. Ctrl-S suspends the terminal display of the file and the processing of the command. To resume the display, press Ctrl-Q. The interrupted command displays lines beginning at the point at which processing was interrupted.

The cat command is also used to concatenate (combine) files and put them into another file. If you redirect the output with > to a file that already exists, the existing contents are permanently lost without any warning. Use >> instead to append to the existing file, or run set -o noclobber so that the shell refuses to overwrite an existing file with >.



Example: cat fileone filetwo filethree > newfile

Result: Concatenates three files -- fileone, filetwo and filethree -- into a new file called “newfile”. The original files remain intact.



For more information about the cat command, type man cat at the UNIX system prompt.



Copying Files

cp-- Makes copies of your files. You can use it to make copies of files in your default directory, to copy files from one directory to another directory, or to copy files from other devices.

Example: cp fileone filetwo

Result: Copies the contents of fileone to a file named filetwo. Two separate files now exist.

Example: cp /usr/neighbor/testfile .

Result: Copies the file testfile from the directory /usr/neighbor to your UNIX account. The period ( . ) at the end of the command line indicates that the file is to be copied to your current working directory, and its name will remain the same.

To copy a file from another user’s directory on UNIX, you must know the person’s username.

Example: cp ~username/file1 yourfile

Result: Copies the file "file1" from the home directory of the user username to your UNIX account. The name of the file in your directory becomes yourfile. (The protections on file1 in username's directory must allow it to be read by you, otherwise the copy fails with "Permission denied".)



For more information, type man cp at the UNIX system prompt.

Deleting Files


rm-- Deletes specific files. You can enter more than one file specification on a command line by separating the file specifications with spaces.


Example: rm newfile

Result: Deletes the file named “newfile”.

Example: rm newfile oldfile

Result: Deletes two files -- “newfile” and “oldfile”.

Example: rm new*

Result: Deletes all files in the current directory whose names begin with the prefix new. The shell expands the pattern before rm ever runs, so check what it matches first with ls new*; rm does not ask for confirmation.

For more information, type man rm at the UNIX system prompt.

Renaming Files

mv-- This command changes the name of one or more files, or moves them into another directory.

Example: mv oldfile newfile

Result: Changes the name of the file “oldfile” to “newfile”. Only one file will exist.

Example: mv oldfile bin/newfile

Result: Changes the name of the file “oldfile” to “newfile” and moves it into the subdirectory bin of your current working directory (bin/newfile is a relative path; /bin would be the system directory, which ordinary users cannot write to). Only one file will exist.

For more information, type man mv at the UNIX system prompt.



Printing from UNIX


The lpr command prints files on UNIX. Use the -Pqueuename option to select a printer; use the -D option shown below to get PostScript output.


Example: lpr -PDLH sample.file

Result: This is the default output: single-sided, two pages' worth of text per side, landscape format (132 characters per line by 66 lines per page). Output is queued to printer DLH.

Example: lpr -Dpostscript -PCL sample.ps

Result: Use this form of the option for printing PostScript files (.ps extension) produced by Scribe or other applications. Output is queued to printer CL.

The UNIX operating system is case sensitive; type all commands in lower-case letters unless noted otherwise.

Regards,
Bharath

Sunday, January 3, 2010

Differences between Book Mark, Cookies,Cache,Browser History


Book Mark:

In the context of the World Wide Web, a bookmark is a locally stored Uniform Resource Identifier (URI). All modern web browsers include bookmark features. Bookmarks are called favorites or Internet shortcuts in Internet Explorer.

Cookies:

A cookie is a small piece of text that a web server asks the browser to store on the user's computer (through the Set-Cookie response header) and that the browser sends back with every later request to that site. A cookie consists of one or more name-value pairs containing bits of information such as user preferences, shopping cart contents, the identifier for a server-based session, or other data used by websites. Because the session identifier is what lets the server recognise a logged-in user, a cookie carrying it is effectively a credential: anyone who obtains it can act as that user until the session expires.
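As an added example (not from the original post), the function below audits a Set-Cookie header for the three attributes that limit who can read a session cookie: Secure (only sent over HTTPS), HttpOnly (not readable by page script) and SameSite (not sent on cross-site requests). The two headers and the session id value are constructed; the parser is a small hand-written one for illustration, not a library API.

```python
# Constructed Set-Cookie headers for a session cookie.
WEAK = "sessionid=7f3a9c; Path=/"
HARDENED = "sessionid=7f3a9c; Path=/; Secure; HttpOnly; SameSite=Lax"


def parse_set_cookie(header):
    """Split 'name=value; Attr; Attr=value' into (name, value, attrs).

    Attribute names are lower-cased; flag attributes such as Secure and
    HttpOnly, which carry no value, are stored as True.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value, attrs


def audit_session_cookie(header):
    """Return (cookie name, list of findings); an empty list means all three are set."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if attrs.get("secure") is not True:
        findings.append("missing Secure: also sent over plain HTTP, readable on the wire")
    if attrs.get("httponly") is not True:
        findings.append("missing HttpOnly: readable by page script via document.cookie (XSS)")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: sent on cross-site requests (CSRF)")
    return name, findings


if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        name, findings = audit_session_cookie(header)
        print(f"{name}: {findings or 'OK'}")
```

The weak header produces all three findings; the hardened one produces none. The same check can be run over the Set-Cookie lines in a proxy log or a browser's developer tools to see how a site protects its sessions.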

Cache:
A cache operates as a temporary storage area where frequently accessed data can be stored for rapid access. Once the data is stored in the cache, it can be used in the future by accessing the cached copy rather than re-fetching or recomputing the original data. A browser's cache keeps copies of recently fetched pages, images and scripts on the local disk so that revisiting a site is faster; pages that contain sensitive data should therefore be sent with headers that tell the browser not to store them (Cache-Control: no-store).

Browser History:

Browser history logs the date, time and web address (URL) of every page you have visited. Anyone with access to the machine can read it, and because URLs often carry parameters, it can reveal not only which sites were visited but also what was searched for or submitted there.

Regards,
Bharath