Category: Software Topics

SQL Injection Prevention and Mitigation

Structured Query Language (SQL) is an ANSI standard language developed to communicate with a relational database. SQL is used by all major database systems, including MySQL, PostgreSQL, SQL Server, DB2, Oracle, and so on. An Overview of SQL A Relational Database Management Systems (RDBMS) is used to manage relational databases, that is, it is a ...

PenTest Edition: SQL Injection Attacks Using Both Burp Suite and Sqlmap

In this tutorial, I'm using BurpSuite to grab cookie information from a user and feed it into an SQL injection attack using sqlmap. To perform this test attack, I'm using the Damn Vulnerable Web App (DVWA) as a SQL injection vulnerable web site/database. As a prerequisite, the reader should have at least a basic understanding ...

PenTest Edition: Go from Beginner to Advanced with nmap

Network Mapper, otherwise known as "nmap," is a powerful open-source program, perfect for conducting reconnaissance and enumeration. Yes, nmap is well-known for this purpose and it's included in every whitehat-to-blackhat's toolbox for that very reason; however, I want to point out that it has many other uses as well. For instance, a network administrator may  ...

Installing Kali Linux in VMware Workstation Player (VMware Tools Included)

This tutorial will walk you through installing the latest version of Kali Linux as a Virtual Machine (VM) on VMware Workstation Player 14. I will also show you how to install VMware tools. Straight from the official Kali Linux Web site: Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security ...

PenTest Edition: Create Evil Twin Using dnsmasq and hostapd

As promised in Creating an Evil Twin or Fake Access Point Using Aircrack-ng and Dnsmasq [Part 2 - the Attack], here is another way we can create an evil twin. In this demonstration, I am going to use hostapd instead of Aircrack-ng. I personally think hostapd is better solely due to the fact that we can ...