Archives for Web Applications - Page 3
Reverse Proxy Uses
The most common use case is a corporate internal web server that is hidden from the internet and an external-facing web server that is accessible from the internet. If the internal web server…
Using Asynchronous Methods in .NET – Quick Notes
I developed these notes just as a way to keep myself sane while writing async methods in C#. Quick recap: two types of threads for a programmer: 1. Regular…
Browser plugins and security
The Problem – Plugins are far behind browsers. Browsers nowadays will automatically update themselves (including security updates) by default. Plugins are far behind browsers when it comes to security updates…
Types of Security Scans
Port scanner (Nmap); network vulnerability scanner (Nessus, SAINT, OpenVAS); web application security scanner (Nikto, w3af); database security scanner; host-based vulnerability scanner (Lynis)
HTTPS and Authentication-Based Sites Are Not Necessarily Secure
HTTPS by itself does little to protect your website: all it does is protect the connection against MITM (man-in-the-middle) attacks and eavesdropping. Even an authentication-based website is not necessarily secure - each…
Certificates Demystified – Root versus Self-Signed, Private versus Public Key
I struggled a lot with understanding the nuances of security certificates – self-signed versus root certs, public keys versus private keys versus Certificate Authorities (CAs). This post will attempt to clarify…
Random Hostnames Seen in Fiddler – When Using Chrome
If you use Google Chrome (and who doesn’t), then you might see requests such as those below when you start up your browser. Randomized hostnames – so obviously, you start…
Sanitizing Image and PDF Files Prior to Upload
Does your site allow file uploads of any sort? PDFs? JPEGs? Anything whatsoever? All these file formats are notorious for allowing malware to piggyback onto them (a technique known…
Web Shells
A web shell is a piece of code that essentially takes over your web server. By providing a simple web-executable file (an .aspx file, a .php file…) that contains code to…
Web Application Intrusion Testing
What is black-box scanning? Black-box web application scanning, if we abstract from the details, is a simple process: identify all links, forms and query string parameters; send specially crafted strings…
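The process described above, as an added example that is not part of the original post: one function finds the injection points on a page (link parameters and form fields), one sends a couple of crafted strings into each of them, and the response is checked for the two classic tell-tales, the string coming back unencoded and a database error message. The target page and the `fake_send` application are constructed so the script runs offline; against a real test site you own, swap `fake_send` for an HTTP client with the same signature. All names here are this example's own.

```python
"""Minimal black-box web scanner skeleton (hypothetical example)."""
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlparse


class InjectionPointParser(HTMLParser):
    """Collect links with query strings and forms with their input names."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links, self.forms, self._form = [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base_url, a["href"]))
        elif tag == "form":
            self._form = {"method": a.get("method", "get").upper(),
                          "action": urljoin(self.base_url, a.get("action", "")),
                          "inputs": []}
        elif tag in ("input", "textarea", "select") and self._form and a.get("name"):
            self._form["inputs"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form:
            self.forms.append(self._form)
            self._form = None


def injection_points(page_html, base_url):
    """Return (method, url, params) triples: every link parameter and form field."""
    p = InjectionPointParser(base_url)
    p.feed(page_html)
    points = []
    for url in p.links:
        parts = urlparse(url)
        params = dict(parse_qsl(parts.query))
        if params:
            points.append(("GET", parts._replace(query="").geturl(), params))
    for f in p.forms:
        points.append((f["method"], f["action"], {n: "" for n in f["inputs"]}))
    return points


# Crafted strings: one that must be HTML-encoded if reflected, one that breaks
# SQL string literals. A real scanner carries many more per vulnerability class.
PAYLOADS = ["<zz\"'>", "'\""]
SQL_ERROR = re.compile(r"SQL syntax|ORA-\d{5}|unterminated quoted string|SQLSTATE\[", re.I)


def scan(points, send):
    """Inject each payload into each parameter; report unencoded reflection and
    database error messages. `send(method, url, params)` must return the body."""
    findings = set()
    for method, url, params in points:
        for name in params:
            for payload in PAYLOADS:
                body = send(method, url, {**params, name: payload})
                if payload in body:
                    findings.add(("reflected", method, url, name))
                if SQL_ERROR.search(body):
                    findings.add(("sql-error", method, url, name))
    return sorted(findings)


# Constructed target: a start page plus a fake application with two weaknesses.
BASE = "http://target.test/"
SAMPLE_PAGE = """<html><body>
<a href="/search?q=shoes">Search</a> <a href="/item?id=7">Item</a>
<form method="post" action="/login">
  <input name="user"><input name="pass" type="password"><input type="submit" value="Go">
</form></body></html>"""


def fake_send(method, url, params):
    path = urlparse(url).path
    if path == "/search":                   # reflects the query unencoded
        return "<p>Results for %s</p>" % params.get("q", "")
    if path == "/item":                     # leaks a database error on a quote
        if "'" in params.get("id", ""):
            return "You have an error in your SQL syntax near ''''"
        return "<p>item</p>"
    if path == "/login":                    # encodes output correctly: no finding
        return "<p>%s</p>" % html.escape(params.get("user", ""))
    return "404"


def run_demo():
    return scan(injection_points(SAMPLE_PAGE, BASE), fake_send)


if __name__ == "__main__":
    for finding in run_demo():
        print(*finding)
```

Note what this skeleton does not do: it does not follow links to crawl further pages, it ignores cookies and headers as injection points, and a reflected payload is only an indicator (it still has to be confirmed in the context where it lands) rather than proof of exploitable XSS.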