When your XSS finding is NOT impressed

By YGN Ethical Hacker Group -
If your XSS finding is not convinced by your clients/stakeholders, demonstrate the impact with BeEF or simple executable download payload could help: Exe Download POC: https://lnkd.in/fWF_nEK BeEF: http://beefproject.com/

Comments

Post a Comment

Popular posts from this blog

secure configurations for Laravel - The PHP Framework

By YEHG -
This framework is makes security simple to achieve.  Out of all non-default settings, the little following can be set to achieve higher security settings. Fortify session cookie security.  config/session.php 'secure' => true, 'expire_on_close' => true, 'http_only' => true, 'same_site' => "strict", Use env call to credentials. Do not use hard-coded values.  /config/database.php
Read more

Cybersecurity Certification Review: Certified Penetration Testing Engineer(CPTE)

By YGN Ethical Hacker Group -
Pending post since several years back. Since then, lots of new certification has gained (more) popularity. Veteran said certification markets are evolving every decade. ------------ For some of you who do not know Mile2 organization, Mile2 is a cybersecurity training organization whose certifications are ACCREDITED by  US Government under directives of - NSA CNSS 4011-4016 - NIST / Homeland Security NICCS's Cyber Security Workforce Framework - FBI Cyber Security Certification Requirement list (Tier 1-3) In this series, we will be talking about Certified Penetration Testing Engineer(CPTE) and its exam objectives on each of it areas. Objective 1 – Business & Technical Logistics of Pen Testing This objective tests your understanding of what penetration testing means to a business,  cost of not doing penetration testing exerise, common penetration test methodologies. Objective 2 - Linux Fundamentals This objective tests your basic understanding of Linux that...
Read more