Web Application penetration testing with Suruji

Posted by Siddharth Solanki
If you are new to web application penetration testing or information security, are looking for a good source to learn web application penetration testing, and want to participate in bug bounty programs, then I am going to introduce one of the best web application penetration testing courses available online.

In this web application penetration testing course you will learn all the fundamentals of web application penetration testing with practical examples. The course also includes real-life examples of bugs and their proofs of concept.

This video series is made by the well-known information security researcher and penetration tester Atul Shedage. He has been rewarded by big internet companies like Google, Facebook, PayPal, Twitter, Yahoo, Magento, Apple, Etsy, Red Hat, Freelancer, Microsoft and many more.

In this course you will learn everything from the very basics, from HTTP POST and GET methods, to logical vulnerabilities. After this course you won't need any other tools to find vulnerabilities; you will find them manually with the help of the Suruji Basics of Web Application Penetration Testing course.

You will learn the OWASP Top 10 vulnerabilities, which include the following.

Injection
In the injection section you will learn SQL injection and HTML injection from the very basic to the advanced level. It also covers how a login page can be bypassed with MySQL injection. You will learn union-based SQL injection, blind SQL injection and header-based SQL injection. It also includes two proofs of concept where he found SQL injection vulnerabilities.

Broken Authentication and Session Management
It covers authentication bypass using brute-force attacks, and you will also learn about username enumeration.

Cross-Site Scripting (XSS)
You will learn XSS from the very basics, such as its impact and where it can be found. The course explains how to find cross-site scripting vulnerabilities; there are three types of XSS vulnerabilities, and each is explained well. Moreover, you will learn how XSS filters can be bypassed.

Insecure Direct Object References
It holds the 4th position in the OWASP Top 10, and in this video training session you will learn how to find insecure direct object reference vulnerabilities easily.

ClickJacking Vulnerability
It is also known as a UI redress attack. You will learn about the clickjacking vulnerability from the very basics, and how an attacker can trick a user into performing unwanted actions.

Cross-Site Request Forgery (CSRF)
The CSRF vulnerability is also known as XSRF. You will learn from the very basics what a CSRF vulnerability is. In this video you will learn how to find CSRF vulnerabilities with tools and a Mozilla Firefox add-on, and how CSRF tokens can be bypassed. Moreover, you will learn how to find subdomains of a particular web application, how to create your own Google dorks to find vulnerabilities easily, and many more things.

The actual price of this course is $99, but as a Hack for Security reader I will give you a 50% discount: you can get this course for just $50! Join the course from the following link.

Author's Note:
If you are new to the information security field and want to make it your career, then I highly recommend this course. You will learn everything in just 3 hours. It is a value-for-money course, so stop wasting your precious time, join the Suruji web application course and make money through bug bounty programs.

Researcher gets $11,171 for reporting multiple vulnerabilities to eBay Magento eCommerce web application

Posted by Siddharth Solanki
Magento eCommerce was vulnerable to many critical vulnerabilities such as XSS, CSRF, SQL injection and more, so they started a bug bounty program to secure their web applications.
An Indian security researcher named Atul Shedage found multiple XSS and CSRF vulnerabilities in Magento eCommerce. He was the very first security researcher to find and report these vulnerabilities, and he reported them through Bugcrowd.

He has already been acknowledged by famous companies like Google, Facebook, Apple and many more. He is ranked 14th on Bugcrowd and has reported more than 50 bugs through Bugcrowd.

He reported these bugs on 12 March 2014 and received the bounty on 20 April 2014, so the details of his findings are not thorough. You can check out the snapshot.

How to control your PC from anywhere using your Android device

Posted by Siddharth Solanki
Have you ever wanted to operate your PC remotely, or forgotten important documents on your PC? Here we discuss how to access your PC from anywhere using your smartphone. To control your PC from a remote location, all you need is two things: Google's Chrome Remote Desktop for Chrome, and the Chrome Remote Desktop app for your Android device.

Using Google's Chrome Remote Desktop you can easily access your PC from a remote location, open the Task Manager and, in short, manage your whole computer remotely.

Samsung Galaxy S5 Fingerprint Scanner bypassed easily

Posted by Siddharth Solanki
Samsung's Galaxy S5 is surely quite an awesome device with lots of new features, and one of them is the fingerprint scanner, which adds one extra security layer.

However, the Galaxy S5's new security layer, the fingerprint scanner, can be bypassed easily using a lifted fingerprint. Anyone can gain unauthorized access to your Galaxy S5 just by using a lifted fingerprint on a wood-glue based dummy finger.

Moreover, the Galaxy S5 does not ask for a password to access the PayPal application, so once an attacker has access to your smartphone they can easily make transactions and buy products using your Galaxy S5.

The Galaxy S5 allows unlimited unlock attempts. Apple's iPhone 5s has the same fingerprint feature, but it requires the passcode whenever the device is booted; the Galaxy S5 has no such protection.

And of course, one needs physical access to your device: if your phone is stolen, the thief will be able to access your phone and perform any tasks.

Flickr is Vulnerable to Remote Code Execution and SQL Injection Flaws

Posted by Siddharth Solanki

Flickr is a very large photo sharing and photograph management system, owned by Yahoo!

Flickr vulnerable to SQL injection and remote code execution

Security researcher Ibrahim Raafat found that Flickr was suffering from SQL injection and remote code execution vulnerabilities. He found two parameters that were vulnerable to SQL injection, named $page_id and $items.


Flickr from SQL Injection to RCE

By exploiting this vulnerability he was able to obtain the MySQL root password. He reported both the RCE and SQL injection vulnerabilities to Yahoo, and they are now patched.


According to Ibrahim Raafat, most web applications are vulnerable to blind SQL injection, and with deeper research you can find direct SQL injection in the web application.

Heartbleed Bug Exposes Your Passwords to Hackers

Posted by Siddharth Solanki
The Heartbleed vulnerability is a severe bug in OpenSSL, the most popular encryption library. OpenSSL is used by most web applications to encrypt their communication: it protects usernames, passwords, credit card numbers, bank information, email addresses and much more personal information.
Heartbleed was discovered by the security team at Codenomicon, and Neel Mehta of Google Security reported this major vulnerability to the OpenSSL team.

The Heartbleed vulnerability has affected many web applications, as they use OpenSSL to protect their communication.

Some of the companies that were vulnerable to the Heartbleed bug have already updated their servers with a patch to fix it.

How to protect yourself from the Heartbleed vulnerability?

To protect yourself from the Heartbleed vulnerability, all you have to do is change all your passwords once the affected site has applied the patch. Change the passwords of your email, Facebook, Twitter and every other web application that uses OpenSSL.

700+ websites hacked by Modi 'fan' to support Narendra Modi

Posted by Siddharth Solanki
Narendra Modi is Gujarat's chief minister and India's next PM candidate. He has many supporters among the young, and nowadays he also gets support from hackers.

Narendra Modi Fan Here

A hacker has hacked and defaced 700+ Indian websites to support and promote Narendra Modi.

The list of the hacked websites is here.

You can check out the defacement image in the snapshot above. The message written on the defaced websites is: "whatever you fail to detect, will cause your downfall..
Narendra Modi fan is here to tell you the truth.. no one is here like Narendra Modi and thats why sonia gandhi and rahul always barking about Narendra Modi and you all know about aam aadmi party who don't know what they have to do and what not always one word dharne par bheth jayenge lol! we just defaced this site to give you a message vote for MODI!"

Pakistani hacker arrested for hacking into a cellular company's database

Posted by Siddharth Solanki
A Pakistani hacker has been arrested by Pakistan's Federal Investigation Agency (FIA) for hacking into a cellular company's database and exposing it on his website.

The hacker hacked the database of Warid Telecom and then exposed it on his website, earlysms.com.

A senior manager of Warid Telecom found that their customer information up to 2006 had been shared over the internet, and the company filed a complaint.

The earlysms.com website was hosted by HosterPK, and with the help of the hosting company the FIA successfully traced the hacker's IP address, email and phone number; he was traced to a shop located at Ghalla Mandi, Noorpur, Kasur.

The FIA team found the Warid data on his computer, seized two desktop computers, hard drives and other portable drives, and arrested Mubashar Shahzad.

The website where the hacker exposed the telecom company's database has now been shut down.