
https://www.owasp.org/index.php/Main_Page
tools.kali Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure. The unique perspective that Maltego offers to both network and resource based entities is the aggregation of information posted all over the internet – whether it’s the current configuration of a router poised on the edge of your network or the current whereabouts of your Vice President on his international visits, Maltego can locate, aggregate and visualize this information.
STIGs Home The Security Technical Implementation Guides (STIGs) are the configuration standards for DOD IA and IA-enabled devices/systems. Since 1998, DISA has played a critical role enhancing the security posture of DoD's security systems by providing the Security Technical Implementation Guides (STIGs). The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack. Questions or comments? Please contact DISA STIG Customer Support Desk: disa.stig_spt@mail.mil
Codebashing In this interactive tutorial you will understand how SQL injection attacks are used to compromise the security of a web application, and how to write code more securely to protect against this type of attack. 1. Exercise Background
Gallery The "Gallery" section is new to our website. We hope to build a strong VUE community of users and thinkers. We need your help in creating a stimulating gallery area, showcasing your uses of VUE. Let us know about your maps and stories, and we will post them on this page. Featured Maps Patrick Szucs explains the use as a Tool for the Construction of Narrative.
Decouple Your Code With Dependency Injection - Better Programming - Medium James Shore, the author of The Art of Agile Development, put it quite nicely: “Dependency injection is a 25-dollar term for a 5-cent concept.” The concept is actually really simple: Giving a component all the things it needs to do its job.
Libewf - ForensicsWiki Libewf is a library to access the Expert Witness Compression Format (EWF). Features: Read or write supported EWF formats: SMART .s01 (EWF-S01); EnCase .E01 (EWF-E01) and .Ex01 (EWF2-Ex01). Read-only supported EWF formats: Logical Evidence File (LEF) .L01 (EWF-L01) and .Lx01 (EWF2-Lx01).
Nikto2 Nikto is sponsored by Netsparker, a dead accurate and easy to use web application security solution. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS.
The NSA back door to NIST Thomas C. Hales (University of Pittsburgh) (This article will be published in the Notices of the American Mathematical Society.) Use once. Die once. — activist saying about insecure communication This article gives a brief mathematical description of the NIST standard for cryptographically secure pseudo-random number generation by elliptic curves, the back door to the algorithm discovered by Ferguson and Shumow, and finally the design of the back door based on the Diffie-Hellman key exchange algorithm.
7 MOST CREATIVE AND INTERESTING GOOGLE TRICKS Google is the world’s no. 1 search engine. We all are using it on a daily basis. But most of you don’t know much about its creativity. Google home page is simple html coded, but by using some tips and tricks you can make it so interesting and amazing. To do so you don’t have to write any code or JavaScript, but by using simple search you can make it like never before. So here are 7 most creative, interesting and funny Google tricks.
API Keys vs OAuth Tokens vs JSON Web Tokens - The Zapier Engineering Blog Adam DuVander / March 2, 2017 For an API to be a powerful extension of a product, it almost certainly needs authentication. By building API calls that can read, write, and delete user data, you can magnify an app’s influence on its users’ lives. So, if authentication is a given, the method is the real choice.