Skip to content

ls /blog

Linux Security Blog

Search
  • Home
  • Shep Tutorials
    • Set Up Security Shepherd On VMWare
    • Failure To Restrict Access – Solution
    • Insecure DOR – Solution
    • Poor Data Validation – Solution
    • Security Misconfiguration – Solution
    • Insecure Direct Object Reference 2 Solution
    • Cross Site Scripting One Solution
    • SQL Injection Solution
    • OWASP Security Shepherd – Failure To Restrict Access Solution
    • Session Management Challenge One – Solution
  • GNS3 Series
    • Install GNS3 2.2 on Windows10 | Download Link Included
    • Import VirtualBox Images to GNS3
  • Python Series
    • Part I
    • Part II
  • About

Category: OWASP

AppSec…

XML External Entity (XXE) Vulnerability

14 Oct 20199 Mar 2020
According to OWASP, an XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to…
AppSec…

Movies Featuring the Nmap Security Scanner

6 Oct 201930 Oct 2019
The Nmap Security Scanner has appeared in many major motion pictures (as well as more obscure films). This gallery provides screen shots and details for each movie. Source: Movies Featuring…
#career…

OWASP A2: Broken Authentication and Session Management Cause and Prevention

12 May 201924 Jul 2020
Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts Application Specific Exploitability AVERAGE Prevalence WIDESPREAD Detectability AVERAGE Impact SEVERE Application / Business Specific Consider anonymous external attackers, as well…
#career…

Best Linux Distros for Ethical Hacking and Penetration Testing

1 May 201924 Jul 2020
Here is a list of some top Linux distro for ethical hacking and penetration testing that will surely help you to pick one that best fits your need. Kali Linux:…
AppSec…

Exploiting XXE Vulnerabilities

5 Mar 201924 Jul 2020
By Chris Davis XXE (XML External Entity) attacks happen when an XML parser improperly processes input from a user that contains an external entity declaration in the doctype of an…
AppSec…

CSRF Code Examples and Defense

3 Mar 201924 Jul 2020
CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's…
AppSec…

Create a Backdoor with Cryptcat

23 Dec 2018
In this tutorial, I'll introduce you to netcat's popular cousin, cryptcat (she's actually much cuter and more exotic than the plain netcat). Cryptcat enables us to communicate between two systems and encrypts…
AppSec…

SQL Injection Attacks

20 Nov 2018
A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd…
AppSec…

IPtables – the Linux Firewall

13 Nov 201813 Nov 2018
KORBIN BROWN FEBRUARY 6, 2014, 12:34PM EDT Iptables is an extremely flexible firewall utility built for Linux operating systems. Whether you’re a novice Linux geek or a system administrator, there’s…
#career…

Now Is The Time, Linux is the Direction

11 Nov 201824 Jan 2019
Your future matters to us @ LSB, so get into Linux and see the new world it will open for you. Created by QuBits 2018-11-11
#career…

Linux Foundation Deals For LSB Followers

25 Oct 2018
We are delighted to be able to team up with The Linux Foundation to bring you some great deals on amazing Linux courses and materials. All courses, on completion is…
AppSec…

OWASP Security Shepherd- Session Management Challenge One – Solution – LSB

12 Oct 201812 Oct 2018
We have another solution in the OWASP Security Shepherd challenges and we enjoyed completing this one. You can find out about Session Management from OWASP here. So let's get on…
AppSec…

Penetration Testing – Complete Guide

10 Oct 201810 Dec 2018
What is Penetration Testing? It’s the process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system…
AppSec…

OWASP Security Shepherd – Failure To Restrict Access Solution – LSB

27 Sep 201827 May 2019
Am I Vulnerable To 'Failure to Restrict URL Access'? The best way to find out if an application has failed to properly restrict URL access is to verify every page. Consider for…
AppSec…

OWASP Security Shepherd – Insecure Cryptographic Storage Challenge 1 Solution – LSB

21 Sep 2018
Thanks for visiting and today we have another OWASP Security Shepherd Solution for you. This time it's the Insecure Cryptographic Storage Challenge. Cryptography is usually the safest way to communicate…
AppSec…

OWASP Security Shepherd – SQL Injection Solution – LSB

15 Sep 201819 Sep 2019
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data…
AppSec…

OWASP Security Shepherd – Cross Site Scripting One Solution – LSB

12 Sep 201812 Sep 2018
Welcome back to LSB my budding hackers. Today's lesson is about Cross Site Scripting (Or XSS).  Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected…
AppSec…

OWASP Security Shepherd – Failure To Restrict Access Solution – LSB

7 Sep 20187 Sep 2018
What is Failure to Restrict URL Access Vulnerability/Threat? Failure to restrict URL access occurs in applications hide functionality from non-privileged users. In an application that fails to restrict URL access, administration…
AppSec…

The Best Hacking Books 2018

25 Jul 201825 Jul 2018
BY HACKING TUTORIALS ON FEBRUARY 2, 2018 One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read…
AppSec…

OWASP – A2 – Broken Authentication and Session Management – LSB

24 Nov 201729 Jun 2018
Threat Agents Consider anonymous external attackers, as well as users with their own accounts, who may attempt to steal accounts from others. Also consider insiders wanting to disguise their actions.…
Cyber Security…

OWASP A1 – Injection, Cause and Prevention

23 Nov 20175 May 2019
Am I Vulnerable To 'Injection'? The best way to find out if an application is vulnerable to injection is to verify that all use of interpreters clearly separates untrusted data…
AppSec…

OWASP Security Shepherd – Security Misconfiguration – Solution – LSB

2 Nov 201712 Dec 2019
Welcome back to another OWASP Security Shepherd solution. This challenge is called Security Misconfiguration. So we are given a Username and Password field and we can get the result key…
AppSec…

Owasp Security Shepherd – Poor Data Validation – Solution – LSB

8 Sep 201710 Jun 2019
Welcome hackers to a new OWASP Security Shepherd solution. The challenge in question is the Poor Data Validation and this happens when data is only checked on the client side.…
AppSec…

Installing Security Shepherd on VMWare Workstation 12 Player

21 Aug 201726 Jul 2018
In this post we will install Security Shepherd. A vulnerable web app for us to hack. You can download the ISO image here. Once you download the software, depackage it,…
AppSec…

Security Shepherd Solutions

20 Aug 201715 Oct 2018
The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic.…
Cyber Security…

Full OWASP Penetration Test Links. From Start To Finish, Exploits Included

23 May 201725 May 2017
All the links you'll need from the OWASP methodology penetration test. 4.1 Introduction and Objectives A security test is a method of evaluating the security of a computer system or…
AppSec…

How to install WebGoat on Ubuntu

27 Apr 201727 Apr 2017
WebGoat is a deliberately insecure, Java web application designed for the sole purpose of teaching web application security lessons. The officially-stated aim is to enable developers to “test vulnerabilities commonly…
#career…

SQLMap – Testing With SQL Injection

12 Mar 20165 May 2019
Sqlmap is included in pen testing linux distros like kali linux, backtrack, backbox etc. On other distros it can be simply downloaded from the following url: http://sqlmap.org/. Since its written…
#career…

Sniffing Access Points and Mac Addresses Using Python

4 Feb 201625 Aug 2019
Well, once again it’s time to do something interesting using python and reveal the power of python programming. We will learn how to use a library in python called Scapy.…
Attacks…

Examination of the vulnerabilities of the Cisco IOS

3 Oct 201529 Sep 2019
  Cisco's IOS is multiplatform, so, runs on many different devices. It is compatible with file servers, routers, LAN and WAN switches, ATM switches, personal computers and hubs and any device that…

RSS ls -a /Zer0Days

  • [webapps] Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution) 20 Jan 2021
  • [webapps] Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS 20 Jan 2021
  • [webapps] ChurchRota 2.6.4 - RCE (Authenticated) 20 Jan 2021
  • [webapps] osTicket 1.14.2 - SSRF 19 Jan 2021
  • [webapps] Life Insurance Management System 1.0 - File Upload RCE (Authenticated) 18 Jan 2021

Follow Us

  • Twitter
  • Facebook
  • Tumblr
  • Reddit

RSS Crypto News

  • An error has occurred; the feed is probably down. Try again later.

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,371 other followers

ls /categories

AppSec Attacks Bugs Cryptography Cyber Security Education Encryption Entertainment Exploits Hacking Linux Open Source Operating Systems OWASP Penetration Testing Privacy Security Technology Tips Tutorials

ls /comments

XXS Attack – P… on Payload in PDF
Fred (@Fred37063593) on The Hidden Wiki
The Privacy Pros and… on A Beginners Guide to I2P
ls /blog 🐧🛡️🌐 (@lsbd… on Discover & Attack Raspberr…
psychocod3r on Discover & Attack Raspberr…
psychocod3r on Windows Takeover with a PDF Fi…

Support Us

Support ls /blog

€5.00

ls -a -v /community

ls /MostVisited

  • Best Darkweb Links
    Best Darkweb Links
  • Payload in PDF
    Payload in PDF
  • Crack WPA Handshake using Aircrack with Kali Linux
    Crack WPA Handshake using Aircrack with Kali Linux
  • BlueKeep - Exploit Windows (RDP Vulnerability) Remotely
    BlueKeep - Exploit Windows (RDP Vulnerability) Remotely
  • Explore The Dark Web Anonymously
    Explore The Dark Web Anonymously
  • Best Onion Links
    Best Onion Links
  • Windows Takeover with a PDF File
    Windows Takeover with a PDF File
  • Hacking Android With Metasploit
    Hacking Android With Metasploit
  • Python Scripting  For The Ethical Hacker
    Python Scripting For The Ethical Hacker
  • Exploiting Routers With Routersploit
    Exploiting Routers With Routersploit

ls /Archives

Follow ls /blog on WordPress.com

We Use Social Media

  • Twitter
  • Reddit
  • Facebook
  • Tumblr
  • Pinterest
  • YouTube
Create a website or blog at WordPress.com
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy