Posts

Showing posts from October, 2017

TCP Handshake (Three-Way Handshake) : Connection Oriented Service

It is a method used to create a connection between a client and a server in a TCP/IP network. It is a simple three-step process that takes place before the actual data communication begins, in which the client and server exchange SYN and ACK packets. A three-way handshake is primarily used to create a TCP socket connection, and it works as follows: first, a client node sends a SYN packet to the server (which may or may not be on the same network) to ask whether it is open for a new connection. If the server has the port open, it accepts and initiates a new connection: when the server receives the SYN packet, it responds with an ACK packet or a SYN/ACK packet, telling the client that the request has been acknowledged. The client receives the SYN/ACK packet and responds with an ACK packet. After this process completes, the connection is established and the client and server can communicate. For the same reason it is also referred to as a connection-oriented service, where a connection is first established before the start of communicat...

CORS(Cross Origin Resource Sharing): Security Protocol

As discussed in the SOP topic, the Same Origin Policy is an important security concept implemented to prevent JavaScript code from making requests against a different origin than the one from which it was served. Although the Same Origin Policy is effective at preventing this, it also prevents legitimate interaction between servers and clients of a known and trusted origin. Cross-Origin Resource Sharing (CORS) is a technique for relaxing the same-origin policy, allowing JavaScript on a web page to consume a REST API served from a different origin. CORS allows cross-domain HTTP exchange of data, meaning a page running at origin A can send data to and receive data from a server at origin B; it is widely used in web applications where documents, web fonts and CSS are loaded from a different origin. CORS works by adding new HTTP headers that allow a web server to declare a whitelist of trusted domains that are allowed to connect to and interact with the server. The browser reads the header and processes it accordingly, so we can...

SOP(Same Origin Policy): Security Protocol

SOP or Same Origin Policy is a restrictive policy that prevents a document or malicious script loaded from one origin from obtaining access to sensitive data on another web page through that page's Document Object Model. (The Document Object Model is an Application Programming Interface for valid HTML and XML documents that defines the logical structure of documents.) Let's take an example to better understand SOP. You open your FACEBOOK account in one tab and then open another web page in a different tab that contains JavaScript code attempting to access information from your FACEBOOK page; that is the point where the Same Origin Policy kicks in. As soon as an attempt is made to gain access from some other domain, this policy prevents the interaction. The origin of a web page is based on hostname, protocol and port number. The path of the page does not matter as long as these three things match. Data stored in localStorage is also governed by SOP. Let's take an example exhibiti...

Network Models and Differences

TCP/IP and OSI Model: the Open Systems Interconnection model is a standard of the International Organization for Standardization (ISO). It is a general-purpose paradigm for discussing or describing how computers communicate with one another over a network. Its seven-layered approach to data transmission divides the many operations into specific related groups of actions at each layer. Transmission Control Protocol/Internet Protocol is the Internet protocol suite created by the US Defense Advanced Research Projects Agency to ensure that communication could survive in any condition and that data integrity would not be compromised under malicious attacks. The Transmission Control Protocol provides a communication service at an intermediate level between an application program and the Internet Protocol. It provides host-to-host connectivity at the Transport Layer of the Internet model. An application does not need to know the particular mechanisms for sending data via a l...

SQL injection

SQL injection is a technique in which an attacker inserts a nefarious SQL statement into an input field of a web application for execution (e.g. to dump the database contents to the attacker). SQL injection attacks allow attackers to spoof identity, tamper with data, cause the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrator of the database server. It was considered one of the top 10 web application vulnerabilities in 2007 and 2010 by OWASP and rated the number one attack on the OWASP Top Ten in 2013. The sub-classes of SQL injection are: 1. In-band or Classic SQL Injection 2. Inferential or Blind SQL Injection 3. Out-of-band SQL Injection (I). Classic SQL Injection: It is the most common and easiest to exploit of the injection attacks. It occurs when an attacker is able to use the same communication channel to both launch the attack and gather results. There are two types of classic SQL ...

OWASP TOP 10-2013

THE TEN MOST CRITICAL WEB APPLICATION SECURITY RISKS. The aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high-risk problem areas. A1 – Injection: Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. A2 – Broken Authentication and Session Management: Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities. A3 – Cross-Site Scripting (XSS): XSS flaws occur w...

Installing SQLMap in Windows

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. SQLMap is written in the Python programming language and runs natively on Linux; to run it on Windows you first have to download Python and then Sqlmap. The steps are as follows: Step 1 – Download & Install Python: Python 2.7 must be installed on your Windows machine. Ensure that version 2.7.5 is installed, which can be downloaded from here - http://www.python.org/download/ Choose either the normal Windows installer or the Windows x86-64 installer. Run through the install accepting the defaults. If all went well, all of the Python files should be installed to C:\Python27\ Step 2 – Download SQLMap: SQLMap must be downloaded on your Windows machine. The latest and greatest version is available on the SQLMap home page – click here - https://github.com/sqlmapproject/sqlmap.g...

How to start Successful Information Security Career

It is one of the most asked questions by seekers who want to start their career in Information Security. So the first thing is to get a good education: Information Security is an advanced discipline, which means you should ideally be good at some other area of computer technology before entering it. This is not required, but it is common and it's ideal. The main areas that infosec people come from are System Administration, Networking and Development. So the basic knowledge that you should know or work on is: 1. Networking 2. System Administration 3. Programming. Networking: Networking covers knowledge of TCP/IP, switching, routing, protocols etc. System Administration: It covers knowledge of systems like Linux and Windows, Active Directory, etc. Programming: Having good knowledge of concepts, object ...

SQL INJECTION (using SQLMap)

Exploiting SQL Injection: In this post we are going to use a tool that exploits SQL injection flaws; the tool is called SQLMap. It is a powerful and versatile tool that contains a wide array of features, some of which are: Error Based Injection, Blind Injection, Time Based Injection, Stacked Queries. Install it: Introduction to SQLMap: For the demonstration I have used an open source application, DVWA. It takes a GET parameter named id and displays ID, First name, Surname. For /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit# it displayed the first user → If we increment the ID parameter we will see a different ID, First name, Surname. So what I have done here is capture the request in Burp Suite (will explain in another post) and copy the request to a text file named d.txt. Let's try SQLMap and check whether it is exploitable or not: ./sqlmap.py -r d.txt We get that GET parameter id might be vulnerable to XSS and the back-end DBMS is ...