Category: Tutorials

Learn how to do something step-by-step.

A Bug Bounty Tester’s Guide to Detecting XSS Vulnerabilities

Cross Site Scripting (XSS) vulnerabilities occur when web applications include untrusted data on a web page without proper sanitization and validation of user input, such as when a web page includes user-supplied data using a browser API that can create HTML or JavaScript. The XSS vulnerability is exploited when an attacker executes malicious scripts in ...

A Bug Bounty Tester’s Guide to Detecting SQL Injection Vulnerabilities

Structured Query Language (SQL) is a language used to query, operate, and administer Relational Database Management Systems (RDMS). Major database systems that use SQL include MySQL, PostgreSQL, SQL Server, DB2, and Oracle. Since database systems are commonly used in modern web applications to store user-supplied data, these systems are fruitful targets for hackers. A SQL ...

PenTest Edition: SQL Injection Attacks Using Both Burp Suite and Sqlmap

In this tutorial, I'm using BurpSuite to grab cookie information from a user and feed it into an SQL injection attack using sqlmap. To perform this test attack, I'm using the Damn Vulnerable Web App (DVWA) as a SQL injection vulnerable web site/database. As a prerequisite, the reader should have at least a basic understanding ...

PenTest Edition: Go from Beginner to Advanced with nmap

Network Mapper, otherwise known as "nmap," is a powerful open-source program, perfect for conducting reconnaissance and enumeration. Yes, nmap is well-known for this purpose and it's included in every whitehat-to-blackhat's toolbox for that very reason; however, I want to point out that it has many other uses as well. For instance, a network administrator may  ...

Installing Kali Linux in VMware Workstation Player (VMware Tools Included)

This tutorial will walk you through installing the latest version of Kali Linux as a Virtual Machine (VM) on VMware Workstation Player 14. I will also show you how to install VMware tools. Straight from the official Kali Linux Web site: Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security ...