Menu

Close
  • Home
  • Resources
  • Linux Commands
Subscribe
Menu
Chris Young's Picture

Chris Young

Scotland 27 posts
← Newer Posts Page 2 of 5 Older Posts →

XSS - Cross Site Scripting

XSS in an input validation weakness which allows an attacker to inject a payload into a response from the application. When the payload can included HTML/ »

Chris Young Chris Young on OWASP, web app testing, XSS 13 April 2018

XXE - XML External Entity

The XML External Entity (XXE) attack is a type of attack against an application that parses XML input. An XXE attack typically occurs when XML input »

Chris Young Chris Young on OWASP, web app testing, XXE 13 April 2018

Unrestricted File Upload

Many web applications allow users to upload content. The content may be images, word documents, audio and video files etc. This upload facility however exposes a »

Chris Young Chris Young on OWASP, web app testing, File Upload 13 April 2018

SSRF - Server Side Request Forgery

Server Side Request Forgery (SSRF) is a vulnerability that describes the behaviour of a server making a request that is under the attackers control. When using »

Chris Young Chris Young on SSRF, OWASP, web app testing 13 April 2018

SQL Injection Techniques

Basic ' or '1'='1 ' OR '1'='1' -- ' OR '1'='1' ({ ' OR '1'='1' /* Error based Enumeration: (ID parameter in url is »

Chris Young Chris Young on dvwa, SQL Injection, OWASP 13 April 2018

nmap to grab low hanging fruit

Using nmap alongside searchsploit in Kali Linux to grab any low hanging fruit: nmap -p- -sV -oX 71-new.xml 10.10.10.71; searchsploit --nmap 71-new. »

Chris Young Chris Young on nmap, port scanning, low hanging fruit 04 April 2018
← Newer Posts Page 2 of 5 Older Posts →
Chris Young : Pentester in Training © 2018
Proudly published with Ghost