Transferring files between a client and a server can be restricted in some environments, and we might not be able to transfer a file by using internet file-sharing services as an intermediary. In this case, if we can copy and paste text through the clipboard between client and server, we are most likely […]
PenTest
Tunneling application layer traffic through SSH – a method to bypass network restrictions
The purpose of this blog post is to provide information on how and when to use SSH Tunneling and finally a few notes on how to audit and prevent SSH tunneling. I am often testing solutions in a hybrid lab. Having both some public cloud services and my on-prem lab […]
Analyzing and Testing Web Application Security based on OWASP Top 10 – SQLi and XSS
Introduction: This post describes some methods and techniques that we can use to verify and analyze security in a web application by assessing the SSL and HTTP traffic. We will focus on how to verify SSL protocols and ciphers, HTTP response headers, and scanning for SQLi and XSS vulnerabilities. These methods […]