Hacker 7.0 by Stuart McClure

[Book IT] Hacker 7.0 by Stuart McClure

A book universally recognized as the fundamental text on computer network security reaches its seventh edition. While the concept underlying the text does not change - to catch a thief, you have to think like a thief - the entire content has been reworked and supplemented with new topics of fundamental importance. There is therefore room for the description …

WordPress vulnerabilities scanners and bruteforce tools – Part 1 – WPSCAN

WordPress has always been one of the most stable and secure CMSs, but that does not mean it is free of bugs. It is certainly less likely than others to be hacked, but the additional plugins that make it so versatile put it equally at risk. The plugins available for …

Local File Inclusion and Directory traversal

Directory traversal: it is essential to mention this attack before we start talking about LFI. If possible, when carrying out an LFI attack, it is useful to be able to identify the location of the file containing the vulnerability. In this case, a directory traversal attack will make it possible to know …

Remote File Inclusion – Attack and Defense

Remote File Inclusion, or RFI, in the field of computer security, indicates a vulnerability affecting web services with little control over the variables received from a user, in particular the PHP GET and POST variables (but not only in PHP). The vulnerability occurs when a page to be included is passed through an uncontrolled variable. …

[Italian] RFI – Remote File Inclusion – What they are and how to defend against them.

Remote File Inclusion, or RFI, in the field of computer security, indicates a vulnerability that affects web services with poor control over the variables arriving from a user, in particular the PHP GET and POST variables (but not only in PHP). The vulnerability occurs when a page to be included is passed through a variable …

[English] Understanding the cause and the effect of SQL Injection

Intro: As the years pass there are more and more webmasters, many of them unable to create a really secure website. The purpose of this tutorial is to inform anyone who has a site to be very careful when creating it. In particular we will talk about a widely used attack that aims to find …