Posts

Showing posts from July, 2018

What Is IP Address And How It Works

No doubt you've heard the term "IP address." Unless you're a techie, though, you may not have more than a shadowy notion of what an IP address actually is or how it works. Let's explore the concept.

An IP address is a fascinating product of modern computer technology designed to allow one computer (or other digital device) to communicate with another via the Internet. IP addresses allow the location of literally billions of digital devices that are connected to the Internet to be pinpointed and differentiated from other devices. In the same sense that someone needs your mailing address to send you a letter, a remote computer needs your IP address to communicate with your computer.

"IP" stands for Internet Protocol, so an IP address is an Internet Protocol address. What does that mean? An Internet Protocol is a set of rules that govern Internet activity and facilitate completion of …

Sensitive data exposure

What is sensitive data exposure?
It is the leak of data due to weak or no encryption.

How do I fix/prevent it?

Encrypt with strong encryption only. One of the mistakes many developers make is encrypting with weak ciphers like ROT13.
DO NOT ENCRYPT WITH SUCH WEAK CIPHERS

Encrypt all pages. Most of the time the pages are interlinked, and an attacker might use the 'unsecured' webpage to gain access to sensitive data.

Encrypt all databases. Encrypt the databases which store sensitive information.

E.g. a non-encrypted database:

Username    Password
John        Mypassword
Annie       AnNie123
Jack        PatriotismIsLife

E.g. an encrypted database (same database):

Username    Password
John        dchcuichuicuihc
Annie       ieue3jihdnddioehd
Jack        hduiedeuihdwnwlfiejiojdjdiwediw

See which data is sensitive. Do not waste your time encrypting databases whose information is not sensitive/important.
E.g. DO NOT encrypt a database having only emails and usernames.

Use HTTPS. What HTTPS basically does is encrypt the packets being sent betwe…

Broken Authentication

What is broken authentication?
Broken authentication is when someone gains access to specific parts of a web application without a proper login or permissions.

Example:-
I have a web page named example.com/login.html. Once a person logs in with a proper username and password, they are redirected to example.com/admin.html.
What will broken authentication allow one to do? Instead of going to the login page, one can type the address example.com/admin.html directly into the URL bar.
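The direct-URL bypass from the example above, next to a per-request session check that closes it. This is an added example, not code from the original post; the handler names, the in-memory session store and the demo credentials are constructed for illustration.

```python
import hashlib, hmac, secrets

# Constructed demo data: one user with a PBKDF2-hashed password.
SALT = b"constructed-demo-salt"
def _hash(pw):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 100_000)
USERS = {"admin": _hash("constructed-demo-password")}

SESSIONS = {}                  # session token -> username, kept server-side
PROTECTED = {"/admin.html"}    # pages that require a logged-in session
PAGES = PROTECTED | {"/login.html"}

def login(username, password):
    """Return a fresh random session token for valid credentials, else None."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _hash(password)):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def handle_vulnerable(path, session_token=None):
    """Broken: login only redirects; admin.html itself is never checked."""
    if path in PAGES:
        return 200, "contents of " + path
    return 404, "not found"

def handle_hardened(path, session_token=None):
    """Every request for a protected page must carry a live session token."""
    if path not in PAGES:
        return 404, "not found"
    if path in PROTECTED and session_token not in SESSIONS:
        return 302, "/login.html"      # unauthenticated: back to the login page
    return 200, "contents of " + path

if __name__ == "__main__":
    print(handle_vulnerable("/admin.html"))   # typed straight into the URL bar
    print(handle_hardened("/admin.html"))
    token = login("admin", "constructed-demo-password")
    print(handle_hardened("/admin.html", token))
```

The point of the hardened handler is that the check runs on the request for admin.html itself, so reaching the page never depends on having passed through login.html first.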
Example 2:-
I have a web page named example.com/login.html. Once a person logs in with a proper username and password, the sensitive data will appear there and then.
What will broken authentication allow one to do? It will allow one to attack the web page using methods like:-
Credential stuffing (Dictionary attack)
Automated attack (Brute force attack)

How do I fix it?
Ask for multiple authentications
Keep complex password requirements
Download a big list of passwords, and if a user's password is in that list, notify them
Limit log…