Burp Suite is a framework written in Java that aims to provide a one-stop-shop for web application penetration testing. Burp Suite is also very commonly used when assessing mobile applications, as the same features which make it so attractive for web app testing translate almost perfectly into testing the APIs (Application Programming Interfaces) powering most mobile apps. … Read more
A01:2021-Broken Access Control moves up from the fifth position to the category with the most serious web application security risk; the contributed data indicates that on average, 3.81% of applications tested had one or more Common Weakness Enumerations (CWEs) with more than 318k occurrences of CWEs in this risk category. The 34 CWEs mapped to Broken … Read more
Nmap port states Open Indicates that an application on the target system is actively accepting connections (TCP/UDP/SCTP) on that port. Closed Indicates there isn’t any application listening on that port. Filtered Nmap cannot to determine the port status as the nmap probes are not able to reach the port. Such filtering could be from a … Read more
Nmap 7.80 ( https://nmap.org )Usage: nmap [Scan Type(s)] [Options] {target specification}TARGET SPECIFICATION:Can pass hostnames, IP addresses, networks, etc.Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254-iL : Input from list of hosts/networks-iR : Choose random targets–exclude : Exclude hosts/networks–excludefile : Exclude list from fileHOST DISCOVERY:-sL: List Scan – simply list targets to scan-sn: Ping Scan – disable port scan-Pn: … Read more