Tag: web

WEB Servers

Configuring HTTPS server – Nginx

Generate a new private key and a Certificate Signing Request:

openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.req

Generate a certificate signing request (CSR) for an existing private key:

openssl req -new -key example.com.key -out example.com.req

Edit nginx …

OWASP, Penetration Testing

OWASP Secure Headers

The OWASP Secure Headers Project involves setting headers from the server, which is easy and often doesn’t require any code changes. Once set, they can restrict modern browsers from running into easily preventable vulnerabilities. OWASP Secure Headers Project intends to raise awareness and use of these headers. – https://www.owasp.org/index.php/OWASP_Secure_Headers_Project

Response Headers

* HTTP Strict Transport Security (HSTS) …

Web Penetration Testing

Web application bruteforcer

Wfuzz is a tool designed to bruteforce web applications. It is very flexible and supports:

* Recursion (when doing directory discovery)
* Post data bruteforcing
* Header bruteforcing
* Output to HTML (easy for just clicking the links and checking the page, even with postdata!)
* Colored output
* Hide results by return code, word numbers, line numbers, etc.
* Url encoding
* Cookies …

Web Penetration Testing

Web Application Pentest

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index …

Security, WEB

Detect, record and prevent attacks on web applications

Shadow Daemon is a collection of tools to detect, record and prevent attacks on web applications. Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability. Download The Shadow Daemon web application …

Hacking, Penetration Testing

Test the security of web applications

Vega is a free and open source, GUI-based, multi-platform and extensible scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and …

Hacking, Penetration Testing

Find security issues on your website automatically

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the …