In cybersecurity, most security shops push their teams to immediately remediate all vulnerabilities identified by scanning tools. This has proven to be an exhausting task because there are always new vulnerabilities emerging and, most importantly, a good number of them
vulnerability
A collection of 6 posts
Log4j Vulnerability
TL;DR: Apply vendor-recommended patch updates released within the last few days. Content: Until last Friday I was not familiar with Apache Log4j, but I have learned that it makes use of Java Naming and Directory Interface (JNDI) to
Web Application vulnerability testing tools classification
Application security testing of our web application against malicious actors led me to revisit the different techniques I used in DevSecOps. DevSecOps is the integration of security in development operations, especially when using agile development. This table assisted me in
Check if your email account has been compromised
https://haveibeenpwned.com/
https://services.normshield.com/data-breach
https://dehashed.com/
Check if your domain and IP address have been compromised:
https://censys.io/
https://www.shodan.io/
For more information AND a framework to better design an engagement use;
Open Vulnerability Assessment System (OpenVAS)
There are many good write-ups on this one, so I will not duplicate efforts. Check out this link, a well-written guide: https://hackertarget.com/openvas-9-install-ubuntu-1604/ After firing up OpenVAS and getting a scan going you will realize that the
AFL-fuzzer
Fuzzing is providing invalid, unexpected or random data to the inputs of a computer program, then monitoring for exceptions such as crashes, memory leaks or built-in code assertions. I am using AFL on Debian Linux. Download AFL from: http://lcamtuf.coredump.