How Dangerous is SQL Injection?

A good tutorial on basic SQL injection (without a tool): http://www.kalitutorials.net/2014/03/sql-injection-how-it-works.html Notice the bottom entry, user-id field: ‘ OR 1= 1; /* and in the password field: */– As the image (from the kalitutorials website) states, the second statement gives you access to the data of all accounts. Why is this? Because a 1=1 statement …

Training the Next Cybersecurity Professionals

http://www.darkreading.com/operations/educating-the-cyberwarriors-of-the-future/a/d-id/1319590 Jeff Shilling opines that we need more experienced people in the cybersecurity field. As usual, the issue is that senior-level execs do not fully understand all the ramifications of the differences between 1. a person with 5+ years' experience in IT plus cybersecurity knowledge (no university degree), some certifications, or 2. a person with 2 …

Testing Website With Owasp-zap

The Google Code website link: https://code.google.com/p/zaproxy/ Here is an interesting bit of info (from the link above): ZAP came second in the Top Security Tools of 2014 as voted by ToolsWatch.org readers. Here is a screenshot with my test on my own website – www.fixvirus.com. I clicked on the response tab after Owasp-Zap tries to …

How Can You Test Your Network? Safely-Legally?

Let’s assume that you agree that some sort of testing of your computers/network is required or should be done. How should you test your network? There are daily scans hitting all IP addresses on the Internet. This is a fact of life. What is going on? We have talked about this before: http://oversitesentry.com/how-many-scans-are-attacking-the-internet/ {Most …

How much should I spend on Cybersecurity?

I want to discuss 2 articles and then answer the question in the title. http://www.theguardian.com/small-business-network/2015/mar/24/hackers-cyberwar-businesses-cybercrime {Hackers are winning the cyberwar and businesses are all too often simply hoping for the best, according to many security experts. } Cost of cybercrime in the UK is £18-27bn … supposedly. This could actually be low, since many people do not …