Category: Software Topics
SQL Injection Prevention and Mitigation
Structured Query Language (SQL) is an ANSI standard language developed to communicate with a relational database. SQL is used by all major database systems, including MySQL, PostgreSQL, SQL Server, DB2, Oracle, and so on. An Overview of SQL A Relational Database Management Systems (RDBMS) is used to manage relational databases, that is, it is a ...
PenTest Edition: How SQL Injection Attacks Work Using Both Burp Suite and Sqlmap
In this tutorial, I'm using BurpSuite to grab cookie information from a user and feed it into an SQL injection attack using sqlmap. To perform this test attack, I'm using the Damn Vulnerable Web App (DVWA) as a SQL injection vulnerable web site/database. This is a free application you can download for testing. As a ...
PenTest Edition: Go from Beginner to Advanced with nmap
Network Mapper, otherwise known as "nmap," is a powerful open-source program, perfect for conducting reconnaissance and enumeration. Yes, nmap is well-known for this purpose and it's included in every whitehat-to-blackhat's toolbox for that very reason; however, I want to point out that it has many other uses as well. For instance, a network administrator may ...
Installing Kali Linux in VMware Workstation Player (VMware Tools Included)
This tutorial will walk you through installing the latest version of Kali Linux as a Virtual Machine (VM) on VMware Workstation Player 14. I will also show you how to install VMware tools. Straight from the official Kali Linux Web site: Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security ...
PenTest Edition: Create Evil Twin on Your Home Network Using dnsmasq and hostapd
As promised in Creating an Evil Twin or Fake Access Point Using Aircrack-ng and Dnsmasq [Part 2 - the Attack], here is another way we can create an evil twin. In this demonstration, I am going to use hostapd instead of Aircrack-ng. I personally think hostapd is better solely due to the fact that we can ...
The Cybersecurity Man 