SEARCH KEYWORD -- vulnerability


  Beauty of code : How to write graceful PHP code

Writing good code is an art. In order to achieve this, it is necessary to develop good programming habits at the beginning. Good programming habits not only contributes to the early project design (modular),but also allows you to the code easier to understand, so that the maintenance of the code is easier. Bad programming habits will result in more code bugs, and will make future maintenance work difficult. We introduce some good programming habits taking PHP as example. Hope this will help you....

   PHP,Good code     2012-08-26 12:23:03

  Why should we drop or reduce use of MD5?

MD5 is a frequently used one-way hash algorithm, it is commonly used in following situations: Check data integrity. We take hash of the data stored in two different places and compare them. If the hash results are the same, then there is no need to check the actual data. This utilizes the collision-resistant feature. Two different data block will have little chance that their hash values will be the same. Many data service providers use such technique to check repeated data to avoild repeating...

   MD5,Vulnerability,attack     2012-09-29 04:47:49

  How to check whether a web page can be loaded in iframe

Sometimes you may want to load other website's page in your own website's iframe, but due to some security concerns, other website may have security configurations which prevent you from loading their pages into your iframe. In this case, if you try to load them, you would see a blank page or a text message telling that it's prohibited. Fortunately, you can detect this before you actually decide to load it. To prevent a page from being loaded by an iframe from other site, the response ...

   HTTP,HTML,IFRAME,SECURITY,X-FRAME-OPTIONS,CONTENT-SECURITY-POLICY     2018-07-27 22:36:02

  8 very useful and free web security testing tools

With more pervasive of web applications, web security threats are becoming increasingly prominent. Hackers gain web server control by exploiting web server vulnerabilities and SQL injection vulnerabilities, then they may tamper with web content, or steal important internal data, the more serious is to inject malicious code into web pages to affect visitors of websites. Attention is gradually warming up to Web Application Security. Here we recommend eight very useful and free web security testing...

   Website, security,Web security,Attack     2012-07-22 10:59:09

  Top 10 Best Free PHP Frameworks of 2015

Like it or not, PHP is still, the most celebrated as well as an influential platform which is widely admired for its brilliant HTML, database integration support, intuitive features, and simple in learning too. Using diverse PHP frameworks, developers can create robust, effective, well- defined and stable web application with an ease and therefore, saving towards development cost is possible.   In essence, these frameworks facilitate scalability and enduring maintenance by obeying developm...

   PHP FRAMWORKS,CAKEPHP,LARAVEL,CODEIGNITER,ZEND ,PHALCONPHP,YII ,FUELPHP,SYMFONY,PHPIXIE,SLIM     2015-10-02 04:56:03

  How Cybersecurity Preparedness Can Minimize Downtime During Cyber-Attacks

According to statistics, the average cost of a data breach reached $4.88 million in 2024, marking the highest recorded average to date. Moreover, 68 percent of data breaches in 2024 involved a human element. Cyber-attacks are no longer rare events—they’re an everyday risk for businesses. When a business isn’t prepared, even a minor attack can lead to costly downtime, disrupt operations, and harm its reputation. The good news is that businesses can reduce these impacts with pro...

   CYBER SECURITY ,CYBER ATTACK     2024-11-14 02:38:42

  IoT System Cyber Attack Case Study 02: Python Deserialization Attack and Library Hijacking Attack

Project Design Purpose: The objective of this cyber attack case study is to develop a workshop that demonstrates how a red team attacker can permanently compromise a people detection radar IoT device. The attack path is achieved through a series of attacks, including traffic eavesdropping, data deserialization attacks, web shell attacks, remote command/code execution, and Python library hijacking attacks. This case study is intended for IoT and data security professional training, aiming to ill...

       2024-07-14 01:40:09

  IT System Cyber Attack Case Study 01: Malicious Macro and Backdoor Trojan Attack on IT-Network

Project Design Purpose: The objective of this cyber attack case study is to develop a workshop showcasing a practical demonstration of a red team attacker implementing an IT system/network attack via a Malicious Macro MS-Office-Word file (CVE-2015-1641) and phishing email generation program to penetrate multiple layers of firewall defenses and implant a backdoor trojan into the railway system's OT network. Related Links: GitHub Project Link , LinkedIn Post Link Attacker Vector: Malicious Macro ...

       2024-08-03 08:21:49

  Python Deserialization Attack Introduction: How to Build a Python Pickle Bomb

This article introduces an old and classic unsecured Python data serialization feature (the pickle library) and demonstrates how a red team attacker can exploit it to create a malicious binary or text data file that executes remote code or commands upon deserialization. The following attack flow diagram illustrates this process: We will follow 3 steps with the program code to show how Deserialization Attacks Work:   [ Step1 ] Crafting Malicious Data: An attacker crafts a malicious payloa...

       2024-07-07 03:08:22

  Power Grid Simulation System 02 : FDI Power Outage Attack Case Study

We are excited to share that the Power Grid Simulation System we developed was used as part of one red team's targeted critical infrastructure system the international cyber exercise Crossed Swords 2024 which conducted in December 2024. In this article, we will introduce one power outage attack case study which use the Power Grid Simulation System as the demo platform for OT cyber security workshop. Project Design Purpose: This case study demonstrates using the Power Grid Simulation System as a...

       2025-01-11 07:35:45

RECENT