Day 9: Discover the process and procedures around Security Auditing.

A Beginner's Guide to Understanding Security Auditing: Processes and Procedures

I've always wondered what security audits usually cover or look for—I've never been a part of any of those audit processes. The closest I've been is when we have security considerations during dev - something like, 'We need to do this (e.g., SIEM, archiving, soft...

Day 8: Use a proxy tool to observe web traffic in a web or mobile application.

Experiment: This experiment will use Burp Suite to observe web traffic in OWASP Juice Shop, and we will intercept and modify the rating in the request before sending it to the server.

Step 1: Go to OWASP Juice Shop and navigate to the customer feedback page for the burger menu.
Step 2: Intercept the traffic using...

Day 6: Explore Google Gruyere

Cross-Site Scripting on Google Gruyere.

Cross-Site Scripting (XSS) Explained

Cross-Site Scripting (XSS) is a critical web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. These injected scripts, often written in HTML or JavaScript, execute within the victim's browser, enabling attackers to bypass the browser's same-origin policy and...

Day 5: Learn about Threat Modelling

What is Threat Modeling?

Threat modeling is a structured approach to identifying, quantifying, and addressing security risks associated with an application. It encompasses a family of activities aimed at improving security by identifying threats and defining countermeasures to prevent or mitigate their effects on the system.

Understanding Threats: A threat, in this context, refers to...
