
Showing posts with the label Application Security

Application Security in Cloud

Cloud is no longer a new buzzword, and the world is slowly moving to the cloud to save cost and transfer ownership of infrastructure challenges to cloud vendors. There are many considerations for the cloud, and which model to follow depends entirely on the requirements and vision of the organization moving to it. While cost plays a major role, security challenges remain when the cloud is considered for applications. Applications may still be developed in house while production hosting happens in the cloud. It is very important to simulate cloud security considerations while applications are still being developed. In many cases the development environment may be less secure than production, as that is needed for testing; this can also pose a challenge, since in making an application fast and scalable some security points may be left out. In order to ensure cloud applications are secure enough for business purposes, few points are me

How to start web application security assessment

Web application security forms the backbone of many businesses, as the web is where a business is reviewed and where day-to-day business is conducted. In today's scenario many web forms and business sites perform major transactions on websites and are moving to mobile applications. While security standards should be followed during the coding phase, there are still major challenges when the application goes live. The reasons for a vulnerable application can vary with business needs: business wants production to move at a rapid pace while still working within budgets to propose security requirements, and old/legacy code with reusable components is used to rush code to production. We will list certain points which can be helpful to understand when starting a web application security assessment.

1. Understand the business applications

Before starting any assessment, it is very important to understand the business needs of the application.

How to dump Database using Sqlmap

Database Dump using SQLMap. Find out the parameter of the application that is vulnerable to SQL injection. Vulnerable parameter: “User ID”. Enter ‘ and then click on the Submit button; you will get the SQL error. Now intercept the request in Burp. Copy the intercepted request and save it in the sqlmap installation directory. Open CMD, go to the directory where sqlmap is installed (C:/sqlmap) and type sqlmap.py –r sqlinjection (filename) –-dbs and then enter (dbs is used to dump the database names). Then type Y and enter. Type N and enter; it displays all the databases. Now we have to find out the tables in the database. Type sqlmap.py –r sqlinjection –D dvwa (database name) –tables. In the above snap we got the table name in the dvwa database. Then we have to find out the column names. Type sqlmap.py –r sqlinjection –d dvwa –T users –column. Now we are going to dump the userid and password from the columns. Type sqlmap.py –r sqlinje