Posts

Authentication Vulnerabilities

Image
HackersArsenal 's video  WhyYou Still Can’t Hack Anything (VERY SPECIFIC)  hits many good points . As I watched  Rana Khalil’s Authentication Vulnerabilities| Complete Guide , I was able to make connections between the fundamentals that I learned from Google’s Professional Cybersecurity course and studying for the CompTIA Network+ and Security+ to what Rana was teaching. Tools are the most useful when you understand: ·         How data moves ·         How systems communicate and ·         Where assumptions fail And knowledge gets rusty so I need to make it part of my routine to review the fundamentals and understand a little more in-depth, so NetworkChuck’s Free CCNA 200-301 Complete Course is now on my schedule. An in case you need a really quick refresher on BurpSuite, check out Hacker Blueprint’s Burp suite Explained in 100 Seconds . Before ...
Post a Comment
Read more

PortSwigger's Server-Side Vulnerabilities Path: What the Labs Don't Tell You (And Why Rana Khalil's Videos Fill the Gap)

Image
  To start learning BurpSuite I embarked on the PortSwigger Server-side vulnerabilities path (for Apprentice level). You would think this would be a course for absolute beginners. Yes and no. Let me break it down. What you need to know: First , it would be helpful if you took an Intro to Cybersecurity course so you understand the terminology they are talking about. ·         Path traversal ·         Access Control ·         Authentication ·         Server-side request forgery (SSRF) ·         File upload vulnerabilities ·         OS command injection ·         SQL injection Are the areas covered in this path. They do give some information, but it’s more an overview of a topic than an in-depth explanation. Second , watc...
Post a Comment
Read more

How I'm Translating QA Test Planning to Security Test Cases

Image
  My tech writing led to manual QA testing and now I’m transitioning into offensive security. When I was doing manual QA testing there was some overlap with security testing, however, solid security testing includes threat-informed testing . This means reasoning about: ·        what to attack and ·        why I translated my QA testing background into a security threat matrix. I learned what went right, what went wrong, and I was introduced to threat modeling frameworks which provide a more structured approach to identifying and tackling security risks. Why Should Security Testing Be Its Own Thing? QA asks “does it work as designed?” I created test plans to ensure that features and software follow requirements and I hunted for issues. My findings were mainly for devs to fix bugs, errors, defects, etc. Now how do I prepare to test if someone wants to take advantage of vulnerabilities in the software? This is the secu...
Post a Comment
Read more