Finding a Qualified Penetration Tester for Your Site

The penetration testing industry is enjoying an upsurge as more high-profile security breaches are reported in the media, such as the recent LinkedIn password debacle, and companies scramble to tighten up their systems. Done correctly, pen testing can illuminate security flaws in a network by utilizing the skills and viewpoint of an external third party, which in most cases, to be frank, is a

CVE-2012-2122: Exploiting authentication bypass vulnerability in MySQL and MariaDB

The news about the vulnerability in MySQL and MariaDB spreads like a wild fire. I have covered about this vulnerability in E Hacking news as news article. Here, i am going to share the same thing from the perspective of a penetration tester.

The MySQL and MariaDB versions 5.161,5.2.11,5.3.5 and 5.5.c2 are affected version.

The vulnerability allows an attacker to access MySQL database without

DOM Based Cross Site Scripting(XSS) vulnerability Tutorial

So far i have explained about the Traditional Cross site scripting that occurs because of insecure server-side code. In this post , i am going to explain the DOM Based Cross Site Scripting vulnerability. if you don't know what is cross site scripting , then i recommend you to read the basics from here.

Before explaining about the DOM based xss, let me explain what DOM means to.


What is DOM?

The Art of Human Hacking -Social Engineering(SE) tutorial series

Hello BTS readers, here we come with an interesting tutorial written by my friend Mr.Ashish Mistry who is the founder of Hcon and author of 'HconSTF ' project.


Hello all,

after a long time I am again started writing, In a hope that my believe in “sharing the spirit of learning” fulfills well. So from today I am going to write series of tutorials on my favorite topic, 'Social Engineering' (SE)

Complete Cross site Scripting(XSS) cheat sheets : Part 1

I am just providing this XSS Cheat sheet after collecting the exploit-codes from hackers' techniques and different sites especially http://ha.ckers.org/xss.html .  This is complete list of XSS cheat codes which will help you to test xss vulnerabilities ,useful for bypassing the filters.  If you have any different cheat codes , please send your code.

Basic XSS codes:
----------------------------

E Hacking News & PenTest Partnership announced!

We’re proud to announce that we’ve just partnered with PenTest Magazine!
About PenTest Magazine:
PenTest Magazine is a weekly downloadable IT security mag, devoted exclusively to penetration testing. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. We cover all aspects of pen testing, from theory to practice, from

How to do Cookie Stealing with Cross site Scripting Vulnerability ? : XSS Tutorials

Hope, you are now familiar with XSS vulnerability (if you don't know what it is, read the beginners xss tutorial). It is my Fourth article about the XSS Vulnerability Testing(PenTesting)..! Today i am going to explain how an attacker exploit XSS vulnerability and steal cookie from users.

Warning!!!BTS does not take responsibility, if anyone, tries these hacks against any organization or

Bypassing the XSS Filters : Advanced XSS Tutorials for Web application Pen Testing

copyrights reserved © 2viet.blogspot.com
Hi friends, last time, i explained what is XSS and how an attacker can inject malicious script in your site. As i promised earlier, i am writing this advanced XSS tutorial for you(still more articles will come).

Sometimes, website owner use XSS filters(WAF) to protect against XSS vulnerability.
For eg: if you put the alert("hi") , the

What is Penetration Testing and Pen Testing Distribution?

Penetration Testing(Pen Testing) is the act of evaluating the Security of system or network by exploiting vulnerabilities. This will determine whether unauthorized or malicious activity is possible in a system. Vulnerability uncovered through the Pen Testing will be presented to the system's owner.


Why Penetration Testing?

Pentetration testing can identify the vulnerabilities that is not

How to use Joomscan to find the Joomla Vulnerability in Backtrack 5 Linux?

Joomscan is one of penetration testing tool that help to find the vulnerability in Joomla CMS.   The Updated version can detects 550 Vulnerabilities. Let me show how to use this joomscan in Backtrack5.

Download the Joomscan from here:
http://web-center.si/joomscan/joomscan.tar.gz
Step 1: Moving to PenTest folderCopy/Move the downloaded files in directory
 /pentest/web/scanners/joomscan/

Step2:

What is Blind Sql Injection ? Web Application Vulnerability Tutorial

Blind SQL injection technique is used when the web application is vulnerable but the output doesn’t display to the attacker. When hacker tries SQL injection, they will redirect to some other pages instead of error message. Blind SQL Injection is harder to implement when compared with the above Traditional SQL Injection Technique, it will take more time . There are some tools for Blind SQL

Cross Site Scripting(XSS) Complete Tutorial for Beginners~ Web Application Vulnerability

What is XSS?
Cross Site Scripting also known as XSS , is one of the most common web appliction vulnerability that allows an attacker to run his own client side scripts(especially Javascript) into web pages viewed by other users.

In a typical XSS attack, a hacker inject his malicious javascript code in the legitimate website . When a user visit the specially-crafted link , it will execute

Introduction to Web Application Firewall (WAF) ~ Website Security

What is WAF?WAF is expanded as Web Application Firewall. WAF is server side application that controls the input and output(filter the HTTP communication).  It controls network traffic on any OSI Layer up to Application Layer.  The main purpose of WAF is to provide better protection over the top Wep Application vulnerability such as XSS(Cross Site Scripting), SQL Injection,RFI.  Daily lot of

Automated Blind SQL Injection Attacking Tools~bsqlbf Brute forcer

What is Blind SQL Injection:Some Websites are vulnerable to SQL Injection but the results of injection are not visible to the attacker.  In this situation, Blind SQL Injection is used. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This

Learn Web Application Exploits and Defenses for free~Penetration Testing

Are you willing to Learn Web Application Exploitation and Defense against that? Here is the chance for you.   Google Labs provides a Lab to learn Web Application for free of cost.


Penetration Testing :
Learn how hackers find security vulnerabilities!
Learn how hackers exploit web applications!
Learn how to stop them! 
This code lab shows how web application vulnerabilities can be exploited

Hash Code Cracker v1.2 Video Tutorials

Running Application:How to start Hash Code Cracker Jar with double Click?
How to Run Hash Code Cracker Jar using Command Prompt?
In Linux:
Terminal: The same procedure is followed for Linux version.  Just open the Terminal instead command Prompt.


Using Application for Cracking password:
How to Crack the Password using Online Cracker Hash Code Cracker v1.2?