Posts

secure configurations for Laravel - The PHP Framework

By YEHG -
This framework is makes security simple to achieve.  Out of all non-default settings, the little following can be set to achieve higher security settings. Fortify session cookie security.  config/session.php 'secure' => true, 'expire_on_close' => true, 'http_only' => true, 'same_site' => "strict", Use env call to credentials. Do not use hard-coded values.  /config/database.php
1 comment
Read more

[Hone Your Ninja Skill] Bypassing in XSS: Under The Radar, Tactical Filter Bypass 2

By YGN Ethical Hacker Group -
Image
Latest additions for the challenge fun -  http://honeyourskills.ninja/target/web/xss/
Post a Comment
Read more

Cybersecurity Certification Review: Certified Penetration Testing Engineer(CPTE)

By YGN Ethical Hacker Group -
Pending post since several years back. Since then, lots of new certification has gained (more) popularity. Veteran said certification markets are evolving every decade. ------------ For some of you who do not know Mile2 organization, Mile2 is a cybersecurity training organization whose certifications are ACCREDITED by  US Government under directives of - NSA CNSS 4011-4016 - NIST / Homeland Security NICCS's Cyber Security Workforce Framework - FBI Cyber Security Certification Requirement list (Tier 1-3) In this series, we will be talking about Certified Penetration Testing Engineer(CPTE) and its exam objectives on each of it areas. Objective 1 – Business & Technical Logistics of Pen Testing This objective tests your understanding of what penetration testing means to a business,  cost of not doing penetration testing exerise, common penetration test methodologies. Objective 2 - Linux Fundamentals This objective tests your basic understanding of Linux that assi
Post a Comment
Read more

[Hone Your Ninja Skill] Easy Crypto: Unbreakable Signing Level 1, 2

By YGN Ethical Hacker Group -
Request signing is extremely common in this days of API everywhere. It is assumed that this may prevent unauthorised modification of API data in transit. Developers also use it to prevent CSRF as they think it's redundant effort to create CSRF token http://honeyourskills.ninja/target/web/easy_crypto/?url=unbreakable-signing-level-1.php http://honeyourskills.ninja/target/web/easy_crypto/?url=unbreakable-signing-level-2.php
Post a Comment
Read more

[Hone Your Ninja Skill] Mobile : Easy Reversing

By YGN Ethical Hacker Group -
Giving sample vulnerable mobile apps for ninja testing could become quick outdated as mobile technology is yearly changing. In this challenge series, you will be challenged with missions with couple of hints to accomplish that mission. Warning: this will involve testing the real-world apps for education purposes.                    http://honeyourskills.ninja/target/mobile/easy_reversing/
Post a Comment
Read more

[Hone Your Ninja Skill] Data is Golden: Your Profile Data version 2

By YGN Ethical Hacker Group -
Limited knowing of latest browsers protection on cross domain access triggers developers to assume we're now completely safe and immune from hijacking attack. http://honeyourskills.ninja/target/web/golden_data/?url=your-profilev2.php
Post a Comment
Read more

[Hone Your Ninja Skill] Data is Golden: Your Profile Data

By YGN Ethical Hacker Group -
We,pentesters, way too much focus on technical aspects of vulnerability. Advanced attackers are goal-driven and objective-based. They set goal and identify which attack vectors can bring them access to golden data that they're targeting. In this challenge series, you will do whatever you can to steal data in unauthorised or unintended way. http://honeyourskills.ninja/target/web/golden_data/
Post a Comment
Read more