We (Cyber Security and Privacy Foundation) have developed a vulnerable Java-based web application. This app is intended for Java programmers and other people who wish to learn about web application vulnerabilities and write secure code. The full course on Hacking and Securing Web Java Programs is available at https://www.udemy.com/hacking-securing-java-web-programming/ Warning: Don’t run […]
Category: Ethical Hacking
BTS PenTesting Lab – a vulnerable web application to learn common vulnerabilities
The most common question from students who are learning website hacking techniques is “how to test my skills legally without getting into trouble?”. So, I always suggest they use a vulnerable web application such as DVWA. However, I felt DVWA is not suitable for new and advanced techniques. Mutillidae is one of the best […]
XSS attacks practical examples ~ Cross site Scripting Exploits
Hello BTS readers, So far I have explained XSS attacks and the risks of this vulnerability; I have also provided a guide to set up your own pentesting lab (using DVWA) to practice XSS attacks. DVWA is limited to a few XSS methods. You may be curious to know more about practical examples of XSS attacks. eHackingNews will help […]
Complete Cross site Scripting(XSS) cheat sheets : Part 1
We are producing this XSS cheat sheet after collecting the codes from hackers’ techniques and different sites, especially http://ha.ckers.org/xss.html. This is a complete list of XSS cheat codes which will help you test for XSS vulnerabilities and is useful for bypassing filters. If you have any different cheat codes, please send your code. Basic XSS […]
Complete Cross Site Scripting(XSS) Guide : Web Application Pen Testing
Hello BTS readers, Here is the complete series that explains everything about cross-site scripting. More articles are on the way, stay tuned to BreakTheSec! Link to tutorials: Cross Site Scripting (XSS) Basics; DOM Based XSS attack; XSS Filter Bypass Techniques; Self-XSS (Cross Site Scripting): Social Engineering Attack and Prevention; XSS Cheat Sheet; XSS Attacks Examples […]
How to deface website with Cross Site Scripting ? : Complete XSS Tutorial
This is my third article in the Cross Site Scripting tutorial series. Last time, I explained how to do a vulnerability test for XSS and some filter bypassing techniques. Now let us see how a hacker defaces a website with an XSS vulnerability. Never implement this technique. I am explaining it for educational purposes only. Defacing is one […]
Set up your own Lab for practicing SQL injection and XSS : Ethical Hacking
I hope you learned about SQL injection and XSS from BTS. But you may be curious to practice SQLi and XSS attacks. We know that attacking a third-party website is a crime. So how can we practice? Here is the solution for you, friends. Why shouldn’t you set up your own web […]
Introduction to Vulnerability Assessment
What is Vulnerability Assessment? Vulnerability assessment is the process that identifies and classifies the vulnerabilities in a system. Vulnerability assessments are performed on various systems such as IT systems, nuclear power plants, water supply systems, etc. Vulnerability from the perspective of disaster management means assessing the threats from potential hazards to the population and to infrastructure. It may […]
Self-XSS (Cross Site Scripting) ~ Social Engineering Attack and Prevention
Last time, we explained the Clickjacking attack and its prevention. Today, I am going to explain the Self-XSS (Cross Site Scripting) attack. What is Self-XSS? Self-XSS is one of the popular social engineering attacks used by attackers to trick users into pasting malicious code into the browser. This results in the attacker accessing the […]
Remote File Inclusion Vulnerability Tutorial~Web application Vulnerability
This is an old tutorial but worth reading. I wrote this article 6 months ago but forgot to post it. So here I am posting it. Remote file inclusion is a web application vulnerability. Using this vulnerability, an attacker can include their remote file, such as a shell. This results in website defacement. Shell […]