blog

Our Latest Blogs

Explore our latest blog posts and stay secure in a digital world.

Nessus 5.2 XMLRPC Automation
March 17, 2014
Blacklock

Recently, I was trying to use my previously automated Nessus Automation scripts and detected they aren’t working on latest Nessus 5.2 XMLRPC.Last time, I automated network scanning tasks using XMLRPC in Perl but strange it did not work anymore with Nessus 5.2.

Facebook Like Widget – Spammers Tool???
January 1, 2014
Blacklock

Now a days, I get very curious to look at view-source of website where Facebook’s Like button is embedded. But why should I do this? Isn’t facebook Like button trusted? This is right.. Huh!!! The answer is NO. If there is a mismatch in the domain (you are visiting) and facebook’s Like button then there is surely a problem and it is a spam page.

Configuring ModSecurity with OWASP CRS – Part II
December 9, 2013
Blacklock

The next step is to configure ModSecurity with OWASP CRS (Core Rule Set) rules.

.NET Inherent Protection against CSRF
December 7, 2013
Blacklock

Cross Site Request Forgery is one of the most happening attacks over the internet today. The attackers find it easy to exploit as it does not require any authentication information, session cookies but only require the user to be authenticated to the application. And this works on every platform.

Pentesting Thick Client Apps
October 13, 2013
Blacklock

Pentesting thick client applications is not a new concept instead the techniques adopted are new and interesting. I’m a bit lazy on explaining what thick client apps are, please refer here for more info. GTalk, Pidgin, Skype, MSN are few examples of thick client applications.

Configuring ModSecurity with OWASP CRS – Part 1
October 6, 2013
Blacklock

We were motivated to write about it when few of our clients just instantly asked us about blocking all known malicious web attacks at web server level itself. We quickly suggested them an open source, reliable WAF solution that suffice to their requirement. Obviously, just installing WAF does not mean that you do not need application security controls.

Automating Nessus Capabilities
August 23, 2013
Blacklock

In the process of automating network scans for large networks there is a necessity to automate Nessus scans as well. The major advantage and most important point of this automation is that it allows you to do a Schedule scan in Home Feed version (which is only available in Pro feed) and the easiest part is your scans would run as if you are running from your Nessus web interface client.

Data Validation Framework – HDIV at a Glance
July 12, 2013
Blacklock

Security study has again proved that most of the web application security attacks (approx 85% as per Gartner and NIST) are generated from application layer. It has always been a challenge for developers to validate parameters in URL, HTTP header, HTP request and non-editable fields on the page.

Subscribe to our newsletter

Join our newsletter today and enhance your knowledge with valuable insights. It's quick, easy, and free!

Be a Team Player
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.