This post gives a brief summary of this subject together with recent tests I conducted against Citrix ADC/NetScaler in a lab environment. This post will not show intensive testing or demonstrate the offensive techniques mentioned here, though these could perhaps appear in a future post on my other blog https://offsec.vchur.dk […]
Tag: Security
Tunneling application layer traffic through SSH – a method to bypass network restrictions
The purpose of this blog post is to provide information on how and when to use SSH Tunneling and finally a few notes on how to audit and prevent SSH tunneling. I am often testing solutions in a hybrid lab. Having both some public cloud services and my on-prem lab […]
Scan and Analyze TLS/SSL with CipherScan
A simple method to figure out which SSL/TLS cipher suites are supported by a target, and how these are prioritized. CipherScan can be used to help verify a good SSL/TLS configuration on your server.
./cipherscan.py test.site.com
./analyze.py -t test.site.com
Download: https://github.com/mozilla/cipherscan
Install: git clone https://github.com/mozilla/cipherscan.git
Pre-reqs: Python […]
Load Testing HTTP with Locust
In this blog post I will share some examples of basic load testing against web services. I will describe a few examples which can easily be configured to match additional needs and requirements. Locust is an open source load testing tool; it is fairly simple to set up and run basic […]
Analyzing and Testing Web Application Security based on OWASP Top 10 – SQLi and XSS
Introduction. This post describes some methods and techniques that we can use to verify and analyze security in a web application by assessing the SSL and HTTP traffic. We will focus on how to verify SSL protocols and ciphers, HTTP response headers, and scanning for SQLi and XSS vulnerabilities. These methods […]
NetScaler Security – Layer 4-7 DDoS Protection
NetScaler protects against Layer 4 SYN flood attacks by utilizing a SYN cookie: NetScaler ensures that memory is only allocated to a TCP session once the TCP 3-way handshake is completed. Furthermore, Application Firewall and Rate Limiting could be implemented to mitigate both L4 and L7 attacks. This article will focus […]
NetScaler Security – HTTP Headers
These steps should be carried out to raise the level of HTTP header security for a given web application controlled by NetScaler. We will be utilizing the NetScaler AppExpert and Rewrite engine to meet the objectives. Note: always implement in a test environment to verify the impact of this change before […]
NetScaler Security – Protecting against malicious attacks
So in this blog post we are going to look into what options exist to protect against malicious attackers, DDoS attacks etc. in an environment with NetScaler Application Delivery Controller as a front-end for business web applications. Furthermore, we will look into additional steps to tighten and optimize security […]