Monday, January 7, 2019

Security awareness

Training GitHub workshop
https://github.com/sapran/appsec_awareness_training


Enter your email and it tells you if your email has been leaked
https://haveibeenpwned.com/


OWASP Top 10 vulnerabilities
https://www.owasp.org/index.php/Top_10-2017_Top_10


Rewards for hackers who find bugs
https://www.bugcrowd.com/bug-bounty-list/

web-dvwa is a Docker sample in PHP which shows vulnerabilities
The sample used is
https://hub.docker.com/r/vulnerables/web-dvwa/
docker pull vulnerables/web-dvwa
docker run --rm -it -p 1080:80 vulnerables/web-dvwa



















Gives you XSS code that you can use in XSS testing
https://xsshunter.com/app

SQL INJECTION
http://sqlmap.org/


Lists of different payloads
https://github.com/danielmiessler/SecLists


Cheat sheet
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet


OWASP Zed Attack Proxy (ZAP)
https://www.zaproxy.org/


SonarQube
https://www.sonarqube.org/
https://hub.docker.com/_/sonarqube/
Continuous inspection of code quality: it performs automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities


MS Threat Modeling Tool
https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
Can be used to draw your software diagram, and it shows you the threats


















List of known groups per country
https://attack.mitre.org/


Security check for HTTP headers
https://securityheaders.com/


Test SSL server certificate
https://www.ssllabs.com/ssltest/


DAST, or Dynamic Application Security Testing
SAST, or Static Application Security Testing
IAST, or Interactive Application Security Testing


Burp Suite is a graphical tool for testing Web application security
https://portswigger.net/burp

It has more functionality than Fiddler. To start, the proxy should be set to localhost 8080
Go to http://localhost:8080/ to download and install the certificate
Intercept is used to record traffic

https://attack.mitre.org/
List of organizations and attacks

Check your security headers

https://securityheaders.com/
