How Blockchain helps protect your data from hackers

There is a great deal of noise around right now in the IT world regarding Data Science and Big Data. Many new jobs are being created in Data Science related roles, including in the field of Information and IT Security.

Within all this there is a newly emergent data encryption technology called Blockchain technology. This technology underpins the infamous Bitcoin currency and the many lookalikes that it has recently spawned. The interesting thing about Blockchain is that it has grown up now from its initial use in Bitcoin. Banks and financial institutions, many business start-ups and manufacturers of Internet of Things (IoT) devices are also starting to adopt the technology. The primary reason for the take-up of Blockchain is data security. Blockchain is, put simply, the most secure and impenetrable way to transmit data securely, period. In future it could even mean that some forms of penetration testing, provided by experts such as ourselves, become somewhat unnecessary; only time will tell!

How Blockchain secures data

The first thing to note with Blockchain is that it removes any need for an intermediary or middleman during any financial or other data transfer process. For instance, Banks and Financial […]


Why do we need penetration testing?

Website penetration testing basically describes the technical process of attempting to gain access to IT resources without knowing usernames and passwords, or other access routes; it covers testing of all these gateways to your precious data! Bear in mind that any hacker’s ultimate objective is gaining access to important data, for whatever purpose. They will generally be looking for logons, passwords, a company’s users’ details, confidential documents covering areas such as Intellectual Property and, in the case of state-sponsored actors, state secrets and other strategically vital information. Today, there are many tools and techniques available to those with a nefarious purpose, so be warned!

Gaining access – the difference between hackers and testers

What really separates a penetration tester from a criminal hacker is the owner’s permission to attempt to gain access in the first place! In the end, the goal of the penetration test is to improve the overall security of the IT resources that are being tested. Sometimes the penetration tester will have been provided with basic user-level access, with the goal being to then gain higher, administrator-level access to the network/s etc. under test. Armed with enhanced access permissions, the tester will then look to […]


Kali Tools Tutorials For Web App Testing

Learn how to use the tools available on Kali Linux when performing advanced web application assessments. Official version available on Kali Linux website.

1) apache-users

Package Description

This Perl script will enumerate the usernames on any system that uses Apache with the UserDir module.

apache-users Homepage | Kali apache-users Repo

Author: Andy@Portcullis
License: GPLv2

Tools included in the apache-users package

apache-users – Enumerate usernames on systems with Apache UserDir module

apache-users Usage Example

Run against the remote host (-h 192.168.1.202), passing a dictionary of usernames (-l /usr/share/wordlists/metasploit/unix_users.txt), the port to use (-p 80), disable SSL (-s 0), specify the HTTP error code (-e 403), using 10 threads (-t 10):

root@kali:~# apache-users -h 192.168.1.202 -l /usr/share/wordlists/metasploit/unix_users.txt -p 80 -s 0 -e 403 -t 10

2) Arachni

Package Description

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart: it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. It is versatile enough to cover a great deal of use […]


How to strengthen your Joomla site’s security

Thanks to its ease-of-use and extensibility, Joomla is used all over the world to power websites of all shapes and sizes. Best of all, this award-winning CMS (Content Management System) is an open-source solution, which means it’s freely available to everyone. Great news for web developers who like to share ideas and code as freely as possible!

But for all its plus points, there are some drawbacks too. Because Joomla is so widely admired and accepted, it has become a popular target for hackers wanting to exploit security vulnerabilities and gain access to valuable data.

For this reason, you might want to heed the following advice on how to strengthen your Joomla site’s security.

Change your username and password

First of all, do not keep the default username ‘admin’, as you will give hackers a head start. You should also choose a strong password that contains letters and numbers as well as uppercase, lowercase, and special characters.

Keep everything updated

On average, Joomla developers will release a new version every two months, which you must download and install as soon as possible. This will protect you from cybercriminals who are constantly trying to find […]


The rise of WordPress, now more secure with Security plug-ins?

Popular website development platform WordPress is now used in over 25% of all of the world’s websites! This is an amazing feat for an open-source platform that was only born on May 27th 2003, the blink of an eye in web technology circles! It has now surpassed other favoured development platforms such as Joomla and Drupal, but why is this? WordPress was initially created due to the need, at the time, for an elegant and well-architected personal publishing system enabling bloggers to publish their own, or others’ guest blog content, for their own readership.

Freely available WordPress themes and plug-ins

So, the rise of the blogger was thus partly responsible for the initial creation and launch of WordPress as a stable blogging platform! It also helped that it was based upon open source PHP and MySQL technology, licenced under GPL (GNU General Public License) back in the day, as it still is today. This all meant that developers could get their hands on the core WordPress software for free, only needing to pay for specific add-ons (known as plug-ins) where none were available for free. What’s more, many developers also pooled resources to provide not only free plug-ins but also […]


WordPress Security and Plug-ins detailed review

WordPress has become the world’s most popular website platform for blogs and generic websites. This is partly due to its flexibility and ease of use, but one thing that often gets overlooked with new WordPress sites is security! Don’t leave securing your new WordPress website until the hackers come knocking! With the ever-increasing attentions of cyber criminals and hackers, no website can really ever be said to be safe! To help you to make your website as secure as possible, let’s take a look at the basic security steps that should be taken and the security-related plug-ins that are available within the ecosphere of WordPress.

The major WordPress Security Vulnerabilities

As with any website platform, security vulnerabilities are potentially rife in WordPress! Secure hosting, variable login pages and strong passwords are just the start. Here is a list of the major potential security issues:

• Website hosting
• Server security vulnerabilities
• Theme security within WordPress
• Plug-in security within WordPress
• Database security
• Incorrect File permissions
• Potential FTP vulnerabilities / Back doors
• Lack of secure Encryption

There is not a single plugin that covers all possible security holes with WordPress sites, therefore effectively Managing WordPress […]


How to Improve WordPress Security

Here we have a great looking and useful infographic from a blogging infographics website called Your Escape From 9 to 5 that is packed with information to help you with WordPress security. The infographic is broken down into sections including how do WordPress blogs get hacked, statistics, how to prevent WordPress security issues, website host, themes and plugins and your computer and network. We hope that you enjoy this WordPress security piece and please share with your fellow bloggers on Facebook, Twitter, Google+ etc. […]


Making Drupal secure with modules and a security audit

Drupal is one of the world’s most popular open-source content management systems and is written using PHP. Drupal also has a wide community of open-source developers who contribute to modules and Drupal themes. Drupal was developed with security in mind and still gets regular updates to fix any known security issues. Unfortunately, as with other platforms, hackers always try to find and exploit any detected security vulnerabilities in Drupal, its themes or modules.

Securing Drupal websites from Hackers

With online cyber-attacks forever on the rise, it makes sense to secure your Drupal installation as far as possible. There are a lot of steps that you can take to achieve higher levels of security with Drupal. This tutorial guide will take you through the steps that you need to know in order to secure your Drupal website from hackers, as far as is practical. We will cover how to perform a Joomla security audit of your installation, setting strong user names and passwords, file permissions and introduce many Drupal modules that can enhance your site’s security.

Drupal security audit

First of all, you should consider carrying out a Drupal security audit for your website. This will mean that you can produce […]


DROWN SSL Vulnerability Checker

Taken from DROWNattack.com:

DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication. DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.

Any communication between users and the server. This typically includes, but is not limited to, usernames and passwords, credit card numbers, emails, instant messages, and sensitive documents. Under some common scenarios, an attacker can also impersonate a secure website and intercept or change the content the user sees.

Websites, mail servers, and other TLS-dependent services are at risk for the DROWN attack. Modern servers and clients use the TLS encryption protocol. However, due to misconfigurations, many servers also still support SSLv2, a 1990s-era predecessor to TLS. This support did not matter in practice, since no up-to-date clients actually use SSLv2. Therefore, even though SSLv2 is known to […]
