Category Archives: Security

What is Clickjacking?

A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link. On a clickjacked page, the attacker loads another page over it in a transparent layer. The users think that they are clicking visible buttons, …

Posted in Security

What information does the apache access log contain?

127.0.0.1 - - [05/Feb/2012:17:11:55 +0000] "GET / HTTP/1.1" 200 140 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.5 Safari/535.19"

%h is the remote host (i.e. the client IP); %l is the identity of the user determined by …

Posted in Security

Cross Site Scripting (XSS), CSRF and SQL Injection

SQL Injection: a type of attack that takes advantage of improper coding in your web applications, allowing a hacker to inject SQL commands into, say, a login form so that they gain access to the data held …

Posted in Concepts, Security

Salted Password Hashing – Doing it Right

http://crackstation.net/hashing-security.htm

Salting makes your users' passwords stronger automatically by prepending or appending a random string to each one, so lookup tables become useless. But if the table of password hashes and salts is compromised, the salt will not help (as in the LinkedIn case). …

Posted in Concepts, Security

SSL vs TLS

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications in scenarios where that data is being sent across an insecure network, such as when checking your email (How does the Secure Socket …

Posted in Security

What is an SSL Certificate?

A Secure Sockets Layer (SSL) certificate is a digitally signed credential issued by a credentialing agency for a specific organization's website. SSL certificates are used in Internet technology to ensure the safety of transmissions between a web browser and a …

Posted in Security

HTTP vs HTTPS

HTTP is a system for transmitting and receiving information across the Internet. HTTP serves as a request and response procedure that all agents on the Internet follow so that information can be rapidly, easily, and accurately disseminated between servers, which hold information, …

Posted in Security

Security in web applications

Some common terms in web application security testing: Password Cracking: in order to log in to the private areas of the application, one can either guess a username/password or use a password cracker tool to do so. Lists of …

Posted in General, Security, Web development