CVE : CVE stands for Common Vulnerabilities and Exposures. In simple words it is a database of all the publicly disclosed cybersecurity...

Hashing is the process of converting an input into a hash value, think of it like a secret code that can be easily translated one way,...

In symmetric encryption, a single key is used which can encrypt plaintext into ciphertext as well as decrypt ciphertext into plaintext....

Following test cases can be applied on the Login page: Bruteforce the login using cluster bomb attack. (both username / password) Use...

In role based applications, a penetration tester should always ensure that he tests for privilege escalation. Let's take an example of a...

Monitoring and Logging Security Events is crucial for understanding and responding to potential security threats. In order to Monitor and...

The vulnerability management process involves the objective to detect and mitigate vulnerabilities in the organization. It can be done...

1. Insecure Direct Object References (IDOR) : Imagine you have a web application where each user has an account page with a unique number...

Verify that the "Forgot Password" link/button is prominently displayed on the login page. Check that the user is directed to the correct...

Following are two tools for beginners that will help in testing websites and networks: Burp Suite  Nmap Nessus OWASP ZAP JohnTheRipper...