Tag: Security

How to architect a product properly (software architecture)

How’s it going, tech folks? I have been silent for a while but decided to make some noise after all. Today I’m going to talk about how to architect your product so that it operates without abnormalities and meets its non-functional requirements. If you don’t architect your product properly, it might behave abnormally under heavy load, be vulnerable to attacks, or face a number of other consequences.

What Is Software Architecture?

Let’s see what Wikipedia has to say:

Software architecture refers to the high level structures of a software system, the discipline of creating such structures, and the documentation of these structures. These structures are needed to reason about the software system. Each structure comprises software elements, relations among them, and properties of both elements and relations.

What Wikipedia is trying to say here is that the software application architecture serves as the blueprint that defines the structure of the final outcome, so that it meets all of its functional and non-functional requirements while remaining technically feasible. The architecture of any product is the key carrier of its qualities, such as performance and security, none of which can be achieved without a unifying architectural vision. Defining the best architecture for the product requires the right balance of user, system and business aspects.

Web Shell – WSO – Security – #ImAWhiteHat

So WSO!!!

By attempting any of the things listed in this blog post you accept full responsibility for your actions and I will not be held responsible whatsoever. This tutorial is strictly for penetration testers only. 

Today we are going to talk about a slightly different topic. I’m pretty sure you are going to love it if you are a techie like me. This post is strictly dedicated to the security personnel out there who are white hats (neither black hats nor grey hats). Hacking, or in other terms exploiting a vulnerability, is an interesting topic and a massive area of study that falls under computer security. This blog post focuses on controlling a remote server via a small script called a web shell. One popular variant is known as the ‘WSO Web Shell’. Today we’ll see what we can do with it and how.

A web shell can also be defined as a type of Remote Administration Tool (RAT) or backdoor. It can be a full-featured administrative GUI with all the features you need to own/run/destroy a server, or as simple as a single line of code that takes commands through a browser’s URL and executes them on the server. The beauty is that web shells can be written in any language the server supports. For example, WSO, the one we are going to look at today, is written in PHP. So if you are running Apache with PHP, you will be vulnerable to PHP web shells such as this mighty WSO if you don’t have proper security in place. The most dangerous part is that once the shell is installed, it has the same permissions and abilities as the user who put it on the server. Now you know what a web shell is. If you are looking for a list of web shells that are being used in the tech world you can find them right here. Also make sure that you have hardened the Apache server as described in this blog post.

Nikto Tutorial – Security – #ImAWhiteHat

So Nikto!!!

By attempting any of the things listed in this blog post you accept full responsibility for your actions and I will not be held responsible whatsoever. This tutorial is strictly for penetration testers only. 

Is your site safe on the internet? Are you sure? Let’s make sure you are safe from hackers. Today we’ll dive into a tool that will help us stay safe. Its name is Nikto. It is a web vulnerability scanner, or in other words a security testing tool that scans web servers for vulnerabilities and other known issues. It’s written in Perl, which means it will run on most operating systems that have the necessary Perl installed. In this Nikto tutorial I will guide you through using it on Ubuntu, given that Perl comes already installed in Ubuntu. The beauty of open source, right? Nikto is very straightforward to use: a single command tells you whether there are vulnerabilities or not. As they say:

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

There are two ways to get started. Let me show you both ways. You can select whichever way you like.
