Posts

Secure configurations for Laravel - The PHP Framework

This framework makes security simple to achieve. Beyond the defaults, the following few settings can be changed to reach a higher security posture.

Harden session cookie security in config/session.php:

    'secure' => true,
    'expire_on_close' => true,
    'http_only' => true,
    'same_site' => 'strict',

Use env() calls for credentials; do not hard-code values in config/database.php.
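To check that an application actually carries the settings above, here is a small stand-alone audit script. It is an added example, not code from the original post or from Laravel itself: it loads config/session.php, reports any of the four session cookie settings that are not hardened, and scans the text of config/database.php for a username or password written as a string literal instead of an env() call. The file names passed on the command line and the env() stand-in defined at the top are assumptions made so the script runs outside the Laravel bootstrap.

```php
<?php
// Added example, not code from the original post or from Laravel: audit the
// two files the post mentions. Run from the application root:
//   php laravel_config_audit.php config/session.php config/database.php
// Outside the Laravel bootstrap the env() helper does not exist, so a minimal
// stand-in that reads real environment variables is defined here.

if (!function_exists('env')) {
    function env(string $key, $default = null)
    {
        $value = getenv($key);
        return $value === false ? $default : $value;
    }
}

/**
 * Check the session cookie settings the post recommends.
 * Returns a list of human-readable findings; an empty list means all four
 * settings are hardened.
 */
function auditSessionConfig(array $cfg): array
{
    $findings = [];

    if (($cfg['secure'] ?? false) !== true) {
        $findings[] = "'secure' is not true: the session cookie can be sent over plain HTTP";
    }
    if (($cfg['http_only'] ?? true) !== true) {
        $findings[] = "'http_only' is not true: script on the page can read the session id";
    }
    $sameSite = strtolower((string) ($cfg['same_site'] ?? ''));
    if ($sameSite !== 'strict') {
        $findings[] = "'same_site' is '{$sameSite}' rather than 'strict': the cookie is attached to cross-site requests";
    }
    if (($cfg['expire_on_close'] ?? false) !== true) {
        $findings[] = "'expire_on_close' is not true: the session outlives the browser window";
    }

    return $findings;
}

/**
 * Scan the source text of config/database.php for credentials written as
 * string literals instead of env() calls. Returns the offending key names.
 * The scan is textual on purpose: once the file has been require'd, a value
 * that came from env() and a literal look the same.
 */
function findHardcodedCredentials(string $phpSource): array
{
    // Matches  'password' => 'secret'  but not  'password' => env('DB_PASSWORD', '')
    $pattern = '/\'(username|password)\'\s*=>\s*([\'"])[^\'"]*\2/';
    preg_match_all($pattern, $phpSource, $matches);
    return array_values(array_unique($matches[1]));
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $sessionFindings = auditSessionConfig(require $argv[1]);
    echo $sessionFindings
        ? implode(PHP_EOL, $sessionFindings) . PHP_EOL
        : 'session.php: OK' . PHP_EOL;

    $keys = [];
    if (isset($argv[2])) {
        $keys = findHardcodedCredentials(file_get_contents($argv[2]));
        echo $keys
            ? 'database.php: hard-coded ' . implode(', ', $keys) . PHP_EOL
            : 'database.php: OK' . PHP_EOL;
    }
    exit(($sessionFindings || $keys) ? 1 : 0);
}
```

Two caveats when applying the settings: 'same_site' => 'strict' also withholds the cookie on a top-level navigation from another site, so a user who follows a link to the application from an email lands logged out ('lax' is the usual compromise if that matters); and 'secure' => true means the cookie is never set over plain http://, which breaks local development unless the value is taken from the environment, as Laravel's stock session.php does with SESSION_SECURE_COOKIE.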

[Hone Your Ninja Skill] Bypassing in XSS: Under The Radar, Tactical Filter Bypass 2

Latest additions to the challenge series: http://honeyourskills.ninja/target/web/xss/

Cybersecurity Certification Review: Certified Penetration Testing Engineer (CPTE)

Pending post since several years back. Since then, lots of new certifications have gained (more) popularity. Veterans say certification markets evolve every decade.
------------
For those of you who do not know the Mile2 organization, Mile2 is a cybersecurity training organization whose certifications are ACCREDITED by the US Government under the directives of:
- NSA CNSS 4011-4016
- NIST / Homeland Security NICCS's Cyber Security Workforce Framework
- FBI Cyber Security Certification Requirement list (Tier 1-3)
In this series, we will talk about the Certified Penetration Testing Engineer (CPTE) exam and its objectives in each area.
Objective 1 - Business & Technical Logistics of Pen Testing: this objective tests your understanding of what penetration testing means to a business, the cost of not doing penetration testing exercises, and common penetration testing methodologies.
Objective 2 - Linux Fundamentals: this objective tests your basic understanding of Linux that assi

[Hone Your Ninja Skill] Easy Crypto: Unbreakable Signing Level 1, 2

Request signing is extremely common in these days of APIs everywhere. It is assumed that it prevents unauthorised modification of API data in transit. Developers also use it to prevent CSRF, because they think creating a CSRF token is redundant effort.
http://honeyourskills.ninja/target/web/easy_crypto/?url=unbreakable-signing-level-1.php
http://honeyourskills.ninja/target/web/easy_crypto/?url=unbreakable-signing-level-2.php
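For readers who want a concrete picture of what "request signing" means before attempting the challenge, here is an added example of HMAC-SHA256 signing over a canonical form of a request, with the verification a receiver should perform. It is not code from the challenge page and says nothing about how the challenge targets are built; the canonical field layout, the replay window and the sample request data are assumptions made for illustration.

```php
<?php
// Added example, not code from the challenge page: server-side request
// signing with HMAC-SHA256 and the matching verification. The canonical
// layout (method, path, sorted query, timestamp), the five-minute replay
// window and the sample data below are assumptions for illustration.

function canonicalRequest(string $method, string $path, array $params, int $timestamp): string
{
    ksort($params, SORT_STRING);   // parameter order must not change the MAC
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    // Newline separators keep each field's boundary unambiguous, so a value
    // cannot be shifted from one field into its neighbour without detection.
    return implode("\n", [strtoupper($method), $path, $query, (string) $timestamp]);
}

function signRequest(string $secret, string $method, string $path, array $params, int $timestamp): string
{
    return hash_hmac('sha256', canonicalRequest($method, $path, $params, $timestamp), $secret);
}

/**
 * Verify the signature that arrives with a request.
 * True only if the timestamp is inside the replay window and the recomputed
 * MAC matches byte for byte. hash_equals() is used instead of == so the
 * comparison does not leak how many leading bytes were correct.
 */
function verifyRequest(
    string $secret,
    string $method,
    string $path,
    array $params,
    int $timestamp,
    string $signature,
    int $now,
    int $window = 300
): bool {
    if (abs($now - $timestamp) > $window) {
        return false;   // stale or future-dated: treat as a replay
    }
    $expected = signRequest($secret, $method, $path, $params, $timestamp);
    return hash_equals($expected, $signature);
}

// Constructed demonstration data (not real traffic).
$secret = 'server-side-only-key';
$now    = 1700000000;
$params = ['user' => 'alice', 'amount' => '10'];
$sig    = signRequest($secret, 'POST', '/api/transfer', $params, $now);

// 1. Untouched request.
var_dump(verifyRequest($secret, 'POST', '/api/transfer', $params, $now, $sig, $now));
// 2. A covered field was changed after signing.
var_dump(verifyRequest($secret, 'POST', '/api/transfer', ['user' => 'alice', 'amount' => '9999'], $now, $sig, $now));
// 3. The same signed request replayed an hour later.
var_dump(verifyRequest($secret, 'POST', '/api/transfer', $params, $now, $sig, $now + 3600));
```

Run as a script, the first check passes and the other two fail. Two things the example makes visible: a signature protects only the fields the canonical form covers, so anything left out (a header, a body field, the method) can be altered freely; and the guarantee depends on the secret staying on the server. If the same key is shipped to the browser so that client-side JavaScript can sign requests, an attacker has it too and can sign whatever cross-site request they like, which is why a signature in that position is not a substitute for a CSRF token.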

[Hone Your Ninja Skill] Mobile: Easy Reversing

Giving sample vulnerable mobile apps for ninja testing could quickly become outdated, as mobile technology changes every year. In this challenge series, you will be given missions, each with a couple of hints, to accomplish. Warning: this will involve testing real-world apps for educational purposes.
http://honeyourskills.ninja/target/mobile/easy_reversing/

[Hone Your Ninja Skill] Data is Golden: Your Profile Data version 2

Limited knowledge of the latest browser protections for cross-domain access leads developers to assume we are now completely safe and immune from hijacking attacks.
http://honeyourskills.ninja/target/web/golden_data/?url=your-profilev2.php

[Hone Your Ninja Skill] Data is Golden: Your Profile Data

We pentesters focus way too much on the technical aspects of vulnerabilities. Advanced attackers are goal-driven and objective-based: they set a goal and identify which attack vectors can bring them access to the golden data they are targeting. In this challenge series, you will do whatever you can to steal data in an unauthorised or unintended way.
http://honeyourskills.ninja/target/web/golden_data/