١٠١ – دليلك فى البرمجة ومجال امن وحماية واختبار اختراق تطبيقات الويب

“101 دليلك فى البرمجة ومجال امن وحماية واختبار اختراق تطبيقات الويب”

“ازاى ابدأ فى مجال اختبار اختراق تطبيقات الويب؟” – “ازاى ادخل مجال ال Web Application Security Pentesting” دا مثال للأسئلة اللى بنستقبلها مراراً وتكراراً، كنت كتبت بوست قبل كدا بيشرح كل دا من A to Z هنزله النهارده تانى بس فى صورة مقال علشان يبقى سهل الرجوع ليه.

فى المقال دا حاولت بقدر الامكان انى اجاوب فيه على كل الاسئلة اللى اتسألتلى فى الفتره اللى فاتت وعن معظم الاسئلة اللى هتجول فى خاطرك علشان تبدأ بسهولة فى مجال القرصنة الاخلاقية Ethical Hacking او تحديداً وبشكل ادق مجال حماية وامان واختبار اختراق تطبيقات الويب Web Application Penetration Testing فى صورة نصائح لراغبى البدء فى اى منهم، النصائح دى بتتلخص فى بعض النقاط وهى:

Continue reading “١٠١ – دليلك فى البرمجة ومجال امن وحماية واختبار اختراق تطبيقات الويب”

Share

Vulnerability in Metasploit Project aka CVE-2017-5244

 

Hi Guys,
I hope you all are fine and doing well. Yes you read it right, We managed to find a vulnerability in a framework used to exploit vulnerabilities! “Today is me tomorrow will be you” 🙂

Today we will talk about a CSRF vulnerability affects the web application of both versions (Express, Community and Professional) of Metasploit Project.

But first what is Metasploit? (Seriously maybe somebody out there don’t know about it yet :D)

Continue reading “Vulnerability in Metasploit Project aka CVE-2017-5244”

Share

WhatsApp Clickjacking Vulnerability – Yet another web client failure!

s

Hi Folks,
I know it’s a little bit lame to mention 2 clickjacking vulnerabilities in row but that what bug hunters always do exposing the largest companies security failures, (Previously was Telegram) this time is the gigantic well-known 19 billion dollar messenger WhatsApp.

Continue reading “WhatsApp Clickjacking Vulnerability – Yet another web client failure!”

Share

Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak

Telegram-Banner

 

[*] Introduction:

Modern Web Applications nowadays are relaying on a lot of technologies where typical web applications vulnerabilities are hard to find (eg. Clickjacking is an ABC security bug) but bug hunters are always the best!

Continue reading “Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak”

Share