Ketkip - ketkip.com - Ketki's Blog on Web Security
Latest News:
Is your Corporate Social Networking account secure? 3 Aug 2013 | 01:53 pm
In the past few months / years, we have read news stories about social accounts of large organizations being hacked on a regular basis. There are several reasons why hackers would want to target socia...
Vulnerability Assessment v/s Penetration Testing 6 Jul 2013 | 02:22 pm
Many a time we have seen people mixing up two independent types of testing, vulnerability assessment and penetration testing. The two testing techniques are conducted for different purposes. Here is q...
Null Sessions Anatomy 16 Sep 2012 | 06:59 pm
Windows has its own way of characterizing an anonymous user and this is through the process of the NULL session. The NULL sessions are the unauthenticated sessions of the Server Message Block (SMB), w...
Directory Traversal Vulnerability 1 Sep 2012 | 11:55 am
A directory traversal consists of exploiting insufficient security validation of user-supplied input file names, so that characters representing “traverse to parent directory” are passed through to th...
Remote File Inclusion 25 Aug 2012 | 06:22 pm
Remote File Include (RFI) is an attack technique used to exploit “dynamic file include” mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them...
Smartphones and Security 5 Aug 2012 | 01:39 pm
Many people remain unaware that smartphones face even greater security threats than home computers. Viruses, hacking and theft can put sensitive personal information at risk. However, the many integra...
How secure is your smart phone? Check out these tips to secure your smart phone 5 Aug 2012 | 10:39 am
Many people remain unaware that smartphones face even greater security threats than home computers. Viruses, hacking and theft can put sensitive personal information at risk. However, the many integra...
Stored XSS via File Upload 29 Jul 2012 | 04:59 pm
Stored Cross-Site Scripting (XSS) is one of the major flaws in web applications, and it is also one of the forms of Cross-Site Scripting that is most difficult for automated scanners to detect. A simple example ...
CRLF Injection Attack 21 Jul 2012 | 10:04 pm
The term CRLF stands for Carriage Return (CR, ASCII 13, \r) Line Feed (LF, ASCII 10, \n). These are ASCII characters which display nothing on screen but are very widely used to indicate an end of line...
A Guide to Better Password Practices 15 Jul 2012 | 12:52 am
Let’s be honest, passwords are annoying. These days, we need a password almost everywhere and we can’t keep track of them all. We forget to update them; and when we do, it’s difficult to come up with ...