vasucomputer

collection of information from internet links and resources at this blog-spot for students to learn

Saturday, November 2, 2019

Web applications pen testing

https://www.veracode.com/security/arp-spoofing ( web application flaws and vulnerabilities tutorials)
https://www.apriorit.com/dev-blog/622-qa-web-application-pen-testing-owasp-checklist
https://www.hacker101.com/ (free video lessons on ethical hacking and bug bounty )
https://hackademy.aetherlab.net/p/burp-suite ( for manual testing with Burp suite for free video lecture)
https://www.guru99.com/complete-web-application-testing-checklist.html
https://www.instart.com/blog/4-common-web-application-security-attacks-and-what-you-can-do-prevent-them
https://www.blackhat.com/trainings/ (Training of Black hat)
https://www.whitehatsec.com/glossary/ (various vulnerable attacks and analysis)
https://portswigger.net/blog/null-byte-attacks-are-alive-and-well
https://www.veracode.com/blog/secure-development/top-five-web-application-authentication-vulnerabilities-we-find
https://www.exploit-db.com/docs/english/44319-web-application-security-testing.pdf

Interview questions -Pen Testing
https://www.janbasktraining.com/blog/security-testing-interview-questions/ (15 questions and answers)
https://resources.infosecinstitute.com/category/certifications-training/pentesting-certifications/pentesting-interview-questions/ (10 Common Interview Questions For Penetration Testers )
https://resources.infosecinstitute.com/category/certifications-training/pentesting-certifications/pentesting-interview-questions/
https://www.wisdomjobs.com/e-university/malware-interview-questions.html (250+ MALWARE INTERVIEW QUESTIONS & ANSWERS)
https://www.wisdomjobs.com/e-university/malware-interview-questions.html (50+ interview questions on Cyber security)
https://www.edureka.co/blog/interview-questions/cybersecurity-interview-questions/
APPROACHES, TOOLS AND TECHNIQUES FOR SECURITY TESTING
https://www.3pillarglobal.com/insights/approaches-tools-techniques-for-security-testing

Attacking Types, Methadology, Counter measures
https://www.greycampus.com/opencampus/ethical-hacking/web-server-and-its-types-of-attacks
(Web Server and its Types of Attacks)

Tips for securing Web-based applications
https://searchsecurity.techtarget.com/tip/Tips-for-securing-Web-based-applications?bucket=ETA
webpage programming from KHAN Academy

https://www.khanacademy.org/computing

Posted by vasulu.b at 11:07 AM 1 comment:

Thursday, October 31, 2019

web applications pen Testing and samurai framework for web applications testing

https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm (step by step procedure on manual testing and automated pen testing)
Penetration testers knowledge and expertise:
Black hat attack methodologies (e.g., remote access attacks, SQL injection)
Internal and external testing (i.e., perspective of someone within the network, perspective of hacker over Internet)
Web front-end technologies (e.g.,Javascript, HTML)
Web application programming languages (e.g., Python, PHP)
Web APIs (e.g., restful, SOAP)
Network technologies (e.g, firewalls, IDS)
Networking protocols (e.g., TCP/UDP, SSL)
Operating systems (e.g., Linux, Windows)
Scripting languages (e.g., python, pearl)
Testing tools (e.g., Nessus, Metasploit)
In short, penetration testers provide a deep look into the data security of an organization.
https://www.netsparker.com/blog/web-security/getting-started-web-application-security/
https://searchsecurity.techtarget.com/tip/5-step-checklist-for-web-application-security-testing
https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm
https://www.guru99.com/web-application-testing.html
http://www.internet-computer-security.com/VPN-Guide/SSL-VPN.html
https://sectools.org/tool/samurai/
https://www.apriorit.com/dev-blog/622-qa-web-application-pen-testing-owasp-checklist

What are the Skill-Sets of Ethical Hackers?
Expert ethical hackers have the following skill-sets to hack the system ethically

They must be trustworthy.
Whatever the risks and vulnerabilities, they discover while testing the system, they have to keep them confidential.
Clients provide confidential information about their system infrastructure such as IP address, password, etc. Ethical hackers need to keep this information confidential.
Ethical hackers must have sound knowledge of computer programming, networking and hardware.
They should have good analytical skills to analyze the situation and speculate the risk in advance.
They should have the management skill along with patience, as pen testing can take one day, one week, or even more.

What do Ethical Hackers do?
Ethical hackers (while performing penetration testing) basically try to find the answers to the following questions −

What are the weak points that a criminal hacker can hit?
What can a criminal hacker see on the target systems?
What can a criminal hacker do with that confidential information?

Moreover, an ethical hacker is required to address adequately the vulnerabilities and risks, which he found to exist in the target system(s). He needs to explain and suggest the avoidance procedures. Finally, prepare a final report of his all ethical activities that he did and observed while performing penetration testing.

SSL VPN (Secure Socket Layer VPN)

Now vendors have started making use of the SSL application layer protocol in conjunction with VPN’s. SSL provides excellent security for remote access users as well as ease of use. SSL is already heavily used such as when you shop online, accessing your bank account online, you will notice an SSL protected page when you see the “https” in your browser URL bar as opposed to “http”. The difference in using SSL VPN is, with IPSec a remote user would require client software and would need to configure this. However with SSL VPN you do not need any client software as you log into a portal. You just need the URL address and use a web browser to access the portal.The portal is a GUI interface that is accessed via a web browser and contains tools and utilities in order to access applications on the network such as RDP and Outlook. SSL VPN can also imitate the way IPSec works via a lightweight software client that can be configured and installed without much effort, which simplifies the process in securely accessing the corporate network.

For a first time VPN user using SSL they would access the VPN gateway via their web browser either using an IP address or a domain name. This would take them to a GUI asking them to log in. To imitate that of the way IPSec works (giving full access to the network from a client) client software can be installed via ActiveX or Java. When client software has been installed, remote user would be able to login which will create a VPN tunnel from remote user to VPN gateway. Now the end user will have access to their network resources.

The client software installed through a web browser is a breeze and in fact you would not notice much at all. All the settings are configured for you, and it is as simple as clicking a button when installing client software for SSL VPN.

Posted by vasulu.b at 4:29 AM No comments:

Sunday, October 27, 2019

Nessus tool, Code development of web applications and networking

Nessus tool report analysis
https://virginia.service-now.com/its?id=itsweb_kb_article&sys_id=75e70054dbb553404f32fb671d9619d5
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H (CVSS report analysis)
https://www.greycampus.com/opencampus/ethical-hacking/sniffing-and-its-types (SNIFFING types)
web applications
https://developers.google.com/web/tools/lighthouse/audits/oversized-images
https://securityintelligence.com/a-step-by-step-guide-to-vulnerability-assessment/ (security news for updates)
https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html (OWASP cheat sheets)
https://www.hackingarticles.in/sessions-command-metasploit/ (Hacking Articles)

https://www.greycampus.com/blog/information-security/penetration-testing-step-by-step-guide-stages-methods-and-application (Pen Testing - step by step guide)

https://www.eurovps.com/blog/important-linux-log-files-you-must-be-monitoring/ (Linux commands - Log files)

Posted by vasulu.b at 12:48 AM No comments:

Thursday, October 24, 2019

session tokens, cookies and networking

https://www.enisa.europa.eu/events
https://www.first.org/cvss/calculator/3.0 (CVSS calculator)
https://tools.cisco.com/security/center/cvssCalculator.x (online CVSS calculator - interactive)
https://www.first.org/cvss/specification-document#3-1-Exploit-Code-Maturity-E (CVSS 3.1 guide)
https://www.recordedfuture.com/cvss-scores-guide/ (CVSS score guides)
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator (CVSS score calculation procedure)
https://rhinosecuritylabs.com/landing/network-penetration-test-report/
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html
https://www.tecmint.com/tcpflow-analyze-debug-network-traffic-in-linux/
https://searchnetworking.techtarget.com/answer/How-to-interpret-test-scan-results-to-assess-network-vulnerability
https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
https://security.berkeley.edu/faq/nessus-network-vulnerability-scanning
https://engineering.purdue.edu/kak/compsec/NewLectures/Lecture29.pdf

Hackers club tools
https://hackersonlineclub.com/vapt-tools/
https://hacken.io/research/education/how-much-does-penetration-test-cost-or-price-of-your-security/ (cost of pen test analysis)
https://searchsecurity.techtarget.com/feature/Choose-the-best-vulnerability-assessment-tools
https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/vulnerabilities-and-exploits (Vulnerables repository)
https://www.exploit-db.com/ (oldest vulnerables repository)
https://snyk.io/vuln (existing vulnerabilities repository database)

Amazon Web Services(aws)
https://www.andreafortuna.org/2018/07/18/tcpdump-a-simple-cheatsheet/
https://virginia.service-now.com/its?id=itsweb_kb_article&sys_id=75e70054dbb553404f32fb671d9619d5 Plugin are similar to virus information

Nessus security centre (Tenable.sc) tool
https://www.tenable.com/sc-report-templates/tcp-metrics-report
https://gf.dev/website-audit (website testing)
https://www.bonkersabouttech.com/security/40-plus-list-of-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392 (vulnerable sites to practice)
(windows 10 64bit .iso iage to download) https://zillowtech.com/download-windows-10-iso.html
https://www.technewsworld.com/story/54411.html

Posted by vasulu.b at 9:19 AM No comments:

Monday, October 21, 2019

CEH tools tutorials

https://github.com/enaqx/awesome-pentest (download all CEH tools and its books)

Netsparker

https://www.netsparker.com/plans-comparison/
https://ethical-hacking.soft112.com/
https://www.dr-farfar.com/netsparker-professional-full/ (netsparker tool -download cracked version V5.3.0.24388)

Posted by vasulu.b at 11:23 AM No comments:

Friday, October 4, 2019

web application vulnerabilities and HTTP protocols

https://medium.com/@TechExpertise/owasp-top-10-web-app-vulnerabilities-over-time-8997af9cb13a

https://www.httpdebugger.com/http/http_protocol.html
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html

https://intellipaat.com/blog/interview-question/ethical-hacking-interview-questions/

Cheatsheet- XSS Filter evasion
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

Posted by vasulu.b at 7:59 AM No comments:

Thursday, October 3, 2019

CISSP certification

https://www.guru99.com/cissp-certification.html

Match the Eligibility Criteria: Key prerequisites

You need atleast 5 years cumulative paid full-time work experience in at least two domains of the CISSP Common Book of Knowledge.
Getting 4-year college education degree or a regional equivalent of a cissp credential from the (ISC)2 approved list. This helps you to satisfy 1 year of the required experience.
If you don't have the needed experience to become a CISSP professional, you can become an Associate of (ISC)2 by passing the basic level the CISSP examination.
The Associate of (ISC)2 will then get 6 years to earn the 5 years required experience.
Once you get the certification, you should recertify it after every 3 years. Recertification is accomplished by earning continuing professional education (CPE) credits and paying an annual membership fee.

Posted by vasulu.b at 9:06 AM No comments:

Tuesday, October 1, 2019

SaaS pen testing tutorials and questions

https://blog.cobalt.io/pen-testing-for-saas-companies-f472f4e72e44
https://www.breachlock.com/penetration-testing-for-saas-companies/
https://techbeacon.com/enterprise-it/pen-testing-cloud-based-apps-step-step-guide

https://oer.galileo.usg.edu/cgi/viewcontent.cgi?article=1009&context=compsci-collections (network security and penetration testing)

http://www.c4learn.com/c-programming/c-pre-processor-directives/

Posted by vasulu.b at 7:32 AM 1 comment:

Monday, September 30, 2019

Cross Site Scripting, malware coding, Networking protocols INTERVIEW questions

https://compsecurityconcepts.wordpress.com/2013/11/02/cross-site-scripting/
https://www.infosec.gov.hk/english/virus/virus.html
https://www.softwaretestinghelp.com/cross-site-scripting-xss-attack-test/
https://www.veracode.com/security/xss (video tutorials as well)
https://www.acunetix.com/websitesecurity/cross-site-scripting/
https://css-tricks.com/anatomy-of-a-malicious-script-how-a-website-can-take-over-your-browser/
https://medium.com/iocscan/dom-based-cross-site-scripting-dom-xss-3396453364fd

Web pen testing interview questions
https://compsecurityconcepts.wordpress.com/2015/03/29/web-penetration-testing-interview-questions-answers/
https://www.greycampus.com/blog/information-security/top-cyber-security-interview-questions
https://www.guru99.com/cyber-security-interview-questions.html
https://intellipaat.com/blog/interview-question/ethical-hacking-interview-questions/
malware

http://www.bluekaizen.org/writing-your-own-malware/
https://www.tutorialspoint.com/security_testing/malacious_software.htm
https://www.guru99.com/learn-everything-about-trojans-viruses-and-worms.html
https://www.geeksforgeeks.org/malware-and-its-types/

Networking protocols
https://www.guru99.com/introduction-ccna.html
https://hub.packtpub.com/8-programming-languages-to-learn-in-2019/

Best languages for malware analysis
https://www.malwaretech.com/2018/03/best-programming-languages-to-learn-for-malware-analysis.html
pen tester
https://www.concise-courses.com/how-to-become-a-penetration-tester/
https://developers.slashdot.org/story/19/03/25/0322202/which-programming-language-has-the-most-security-vulnerabilities

Posted by vasulu.b at 9:27 AM No comments:

Saturday, September 28, 2019

database installations and commands

https://proprivacy.com/guides/ethical-hacking-guide
https://resources.infosecinstitute.com/website-hacking-101/#article
https://www.exploit-db.com/google-hacking-database
Cross Site Request Forgery https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
https://www.cyberciti.biz/tips/linux-security.html (important)
https://www.cyberhackingtips.com/ (tips)
https://www.sans.org/reading-room/whitepapers/awareness/paper/37825
https://www.softwaretestinghelp.com/penetration-testing-tools/
https://www.a2hosting.in/kb/developer-corner/mysql/connect-to-mysql-from-the-command-line
https://www.wikihow.com/Hack-a-Database
https://itsfoss.com/best-kali-linux-tools/
http://mstechgurus10.blogspot.com/2013/01/linux-file-system-diagram.html

questions
https://www.sanfoundry.com/cyber-security-questions-answers-types-hackers-security-professionals/
https://www.sanfoundry.com/cyber-security-questions-answers-hacking-security-skills/

https://www.wikihow.com/Hack
oracle 19c database tutorial
https://oracle-base.com/articles/vm/a-cure-for-virtual-insanity (Amazon Web Services-AWS and Cloud Database offering)
https://oracle-base.com/articles/vm/a-cure-for-virtual-insanity

cyber security questions and pen tester interview questions
https://www.synopsys.com/blogs/software-security/web-appsec-interview-questions/
https://www.wisdomjobs.com/e-university/penetration-testing-interview-questions.html
https://compsecurityconcepts.wordpress.com/2016/02/19/network-penetration-testing-interview-questions-answers/
https://allabouttesting.org/interview-questions-answers-penetration-testing/
https://www.glassdoor.ca/Interview/canada-penetration-tester-interview-questions-SRCH_IL.0,6_IN3_KO7,25.htm
https://www.softwaretestinghelp.com/interview-questions/security-testing-interview-questions-and-answers/
https://compsecurityconcepts.wordpress.com/2016/02/19/network-penetration-testing-interview-questions-answers/
https://resources.infosecinstitute.com/top-30-penetration-tester-pentester-interview-questions-and-answers-for-2019/#gref
https://www.sanfoundry.com/cyber-security-questions-answers-hacking-security-skills/
https://www.sanfoundry.com/cyber-security-questions-answers-types-hackers-security-professionals/
https://www.softwaretestinghelp.com/penetration-testing-tools/

https://www.synopsys.com/blogs/software-security/web-appsec-interview-questions/

Posted by vasulu.b at 10:57 PM No comments:

Wednesday, September 18, 2019

Penetration testing tutorials and Ethical hacking tests

https://www.techbeamers.com/penetration-test-and-types/
https://cipher.com/blog/the-types-of-pentests-you-must-know-about/
https://www.veracode.com/security/vulnerability-assessment-and-penetration-testing
https://www.veracode.com/security/java-sql-injection

https://www.hackingloops.com/penetration-testing-tools/ (tutorial)
https://blog.feedspot.com/hacker_blogs/ (list of hacking sites)
https://www.hackingarticles.in/category/database-hacking/
https://www.wikihow.com/Hack-a-Database
https://www.adminschoice.com/red-hat-7-x-installation-step-by-step-guide
https://www.hackingloops.com/ceh-practice-tests/

Certified Ethical Hacking

Online practice tests

https://ceh.cagy.org/

https://www.test-questions.com/ceh-exam-questions-02.php

http://www.testsahoy.com/it-certification/cyber-security/tests-for-ceh

https://www.hackingloops.com/ceh-practice-tests/

http://www.gocertify.com/quizzes/

https://www.vskills.in/practice/ethical-hacking-mock-test

https://www.multisoftvirtualacademy.com/assessments/ethical-hacking-online-practice-test

https://www.skillset.com/certifications/ceh

https://www.guru99.com/component/com_joomlaquiz/Itemid,1187/quiz_id,29/view,quiz/

https://www.edusum.com/category/ceh-v10-mock-exam

ECSA- practice tests online

EC-Security Analyst

https://www.test-questions.com/ecsa-exam-questions-01.php

Posted by vasulu.b at 9:21 AM 1 comment:

Thursday, September 12, 2019

Information security fundamentals and cyber security interview questions

https://www.greycampus.com/blog/information-security/top-cyber-security-interview-questions
https://www.guru99.com/kali-linux-tutorial.html
https://resources.infosecinstitute.com/category/certifications-training/pentesting-certifications/pentesting-interview-questions/
https://resources.infosecinstitute.com/top-50-information-security-interview-questions/#gref
https://www.sanfoundry.com/computer-fundamentals-questions-answers-network-security/
https://www.educba.com/penetration-testing-interview-questions/
https://www.educba.com/category/software-development/software-development-blog/ethical-hacking-tutorial/

Penetration Testing	Ethical Hacking
A narrow term which focuses on performing cyber security assessment on IT systems	A comprehensive term in which penetration testing is only one feature
A tester needs to have a good knowledge and skills only in the specific area for which he conducts pen testing	An ethical hacker needs to possess a comprehensive knowledge of various programming and hardware techniques
Anyone who is familiar with penetration testing can perform pen tests	Usually is required an obligatory certification of ethical hacking
Access is required only to those systems on which the pen testing will be conducted	Access is required to a wide range of computer systems throughout an IT infrastructure

https://resources.infosecinstitute.com/category/certifications-training/pentesting-certifications/common-pentesting-mistakes/

https://resources.infosecinstitute.com/category/certifications-training/cissp/cissp-interview-questions/

https://resources.infosecinstitute.com/category/certifications-training/cissp/experience-waiver/ (for CISSP exam)

https://resources.infosecinstitute.com/category/certifications-training/cissp/experience-waiver/

Posted by vasulu.b at 6:36 AM 2 comments:

Newer Posts Older Posts Home

Subscribe to: Posts (Atom)

Project reports of SISI in India

Lithium-ion battery manufacturer- supplies details
vol.6- Chemical products project reports
vol.7- Food products project reports

Hyderabad voter slip download page

telangana -hyderabad voter slip download

Devotional and astrology

Ganesh Beeja mantra

General Info

linux admin and devops interview questions
contact info- cybercrime-@hyderabad

Malware attacks news

Java script tutorial
Nnakedsecurity sophos

Interactive programming tutorials

Interactive courses - Pakt
powershell-unit test -with pester
W3 resources- interactive SQL tutorials
aoneapps.com-top-cheat-sheets-for-uxui-design
app-dev-testing/5-best-tools-building-progressive-web-apps-fast
cheat-sheets-for-web-designers
HTML5 periodic table
Hour of code -webpage-animation-database-
internet-CPU-khan academy videos
HTML5-CSS-JavaScript-Jquery

CEH - pen tester info

20 online free tools-for validating code of website
Burp suite tool tutorial
resources of bugbounty hunter
software tutorials text only
CEH tools for netsparker
CCNA- Network courses after 10th class
Vulnerabilities and exploits with tokens
Nessus -analysing reports
Greycampus-CEH tutorials
Hacking articles
Owasp top10 in 2019
wifi, zigbee and zwave comparison
security vulnerability search reports

VLSI , programme tutorials and sparetime earnings

PYTHON tutorials
29 websites-free ebooks to download
RHEL 7.7 download site with bootable disk
Kali Linux for Vmware
VMware - keys- all versions
verilog interview questions
free spare time business to write articles
Verilog books and FPGA related from aldec.com
VHDL books to download and other computer books as well

users

Power point presentation video tutorials

https://indianlawcompany.wordpress.com/disclaimer/
http://presentationsoft.about.com/od/powerpointvideos/PowerPoint_Videos_Library_of_PowerPoint_Video_Tutorials.htm

PC repair links

TCL and TK basics tutorial and sooftware down load info
CBT tutorials from http://tt.torrentportal.com
Divx to wmv convertion software to download
The BEE movie online
BUG Life-useful link of uploads divx
basics of hacking
hacking books links list to download
hacking books download link
hack-pen-test- video demo
ethical-hacking- ViDEO demo
hot-oracle tutorials
PC mechanical

Remote control tutorials

Hobby projects in electronics
Home Theater Enhancements through remote control
Speaking of Gadgets... News and ideas about building electronics projects

FPGA and ASIC tutorials

History of FPGA-from google videos
ASIC online basics
Internet Electronic Resources
Radio Electronics Tutorials
BRIEF OVER VIEW OF FIBER OPTIC CABLE ADVANTAGES OVER COPPER
telecommunication tutorials
Animation based electronoics link
The educational encyclopedia- VHDL and ASIC tutorials
general electronic information
FPGA tutorial link

Electronics tutorials link

IR remote control signal receiver using AVR microcontroller
REMOTE CONTROL ROBOTS tutorials
Remote Control Circuit diagrams
Good web link on electronics tutorials
Basic Electronics
Googles Link on electronic components Tutorials
Alex's Library-An Online Guide to Useful Electrical and Electronic Information
analog and digital circuit tutorials
Helpful Electronic Tutorials
Basic electronic Tutorials
EDUCATIONAL TUTORIALS - ELECTRONIC THEORY for beginners and advanced
basic electronics concepts link for beginners

Tutorials and basic commands

tv channel from India free
VHDL Tutorial: Learn by Example
http://www.c-sharpcorner.com/
software training video links
Are You A Digital Engineer ?
Learn photo shop in 2 hours-video
Anti virus basics -important document
Database code
Database Articles
VB basics
Building an Anti-Virus Engine
Where to Go to Download Free Software
Beginners Guides- collection
Reference Browser Chart
power point presentationstock templates to download
XHTML and CSS tutorials
Reference HTML Cheatsheet
Reference CSS- Stylesheets Guide
Unix basic commands

Free online books to download in electronics

Opensource e-journal and e-book links
Telecommunication Website Links Information
books on electronics and computer hardware

Blog Archive

► 2021 (1)
- ► April (1)

► 2020 (3)
- ► November (1)
- ► February (2)

▼ 2019 (12)
- ▼ November (1)
  - Web applications pen testing
- ► October (7)
- ► September (4)

► 2016 (3)
- ► August (3)

► 2012 (1)
- ► November (1)

► 2011 (2)
- ► December (1)
- ► September (1)

► 2009 (2)
- ► October (1)
- ► September (1)

► 2008 (3)
- ► October (1)
- ► August (2)

► 2007 (20)
- ► December (3)
- ► November (12)
- ► October (5)

Picture Window theme. Powered by Blogger.