Questions tagged [penetration-testing]

This tag is for questions that involve black box security testing of applications and/or networks. Questions that involve vulnerability scanning, offensive security, exploit development, etc., might fall under this tag.

About Web Application Penetration Testing on OWASP site.

411 questions
375 votes, 8 answers

What is "X-Content-Type-Options=nosniff"?

I am doing some penetration testing on my localhost with OWASP ZAP, and it keeps reporting this message: The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff' This check is specific to Internet Explorer 8 and Google…
Pringles
88 votes, 5 answers

Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan

I need to remove excessive headers (primarily to pass penetration testing). I have spent time looking at solutions that involve running UrlScan, but these are cumbersome as UrlScan needs to be installed each time an Azure instance is started. There…
Nick Evans
35 votes, 3 answers

Adding authentication in ZAP tool to attack a URL

How to pass authentication details to the ZAP tool to scan the website. Please help me to solve the problem.
user2323844
21 votes, 2 answers

How to SECURE my FLUTTER Mobile Application? (Flutter App Penetration Testing Result)

Where can I get Flutter App security documentation or best practice? I am nearly ready to publish my app. I use online (free version) https://www.ostorlab.co/report/ and check the security of my app. I have a main question above and some more…
user9239214
13 votes, 3 answers

Security vulnerability testing tool for .NET web applications?

I am planning to check my website against all common security vulnerabilities like cross site scripting, sql injection etc. Can somebody tell me is there any automated tool which I can run for my .net web app and find all security flaws that exist. I…
Punit
10 votes, 3 answers

Setting Content Security Policy in Apache web server

We had a penetration test and one of the findings was: "Missing Content-Security-Policy HTTP response header" We did a bit of research and found out how to set this in the web server's httpd.conf file. The problem is we don't know what to include…
10 votes, 3 answers

Preparing an ASP.Net website for penetration testing

Over the years I have had a few of the websites I have developed submitted for penetration testing by clients. Most of the time the issues that are highlighted when the results return relate to the default behaviour of ASP .Net such as possible…
Brian Scott
9 votes, 2 answers

How to pass user credentials through Wapiti Web Application Vulnerability Scanner

I would like to test our web application with the Wapiti scanner. In my scenario, I am assuming the attacker would be an authenticated user. How do I configure Wapiti to use a specific username and password on our login form so I can test the…
gidmanma
7 votes, 2 answers

Can end user contact SQL DB if he can write his own Javascript?

I have a website on which I let the user edit the frontend of the website. The user only has access to an editor, not to the server it's hosted on. The user asked me to also allow javascript. This means the user can create his own scripts on the…
user3127554
7 votes, 2 answers

XSS - Which browsers automatically escape urls in the address bar?

I have been performing some xss / javascript-injection / penetration-testing on my asp.net site recently and noticed that modern web browsers (i.e. latest FF and Chrome) are escaping the urls entered into the address…
Philip Pittle
7 votes, 1 answer

Is it possible to spoof or reuse VIEWSTATE or detect if it is protected from modification?

Question ASP and ASP.NET web applications use a value called VIEWSTATE in forms. From what I understand, this is used to persist some kind of state on the client between requests to the web server. I have never worked with ASP or ASP.NET and need…
Peter Jaric
6 votes, 12 answers

Which of these scripting languages is more appropriate for pen-testing?

First of all, I want to avoid a flame-war on languages. The languages to choose from are Perl, Python and Ruby. I want to mention that I'm comfortable with all of them, but the problem is that I can't focus just on one. If, for example, I see a…
Vhaerun
6 votes, 1 answer

Controlling SQL Server's best-fit unicode transformation

A recent whitehat scan made me aware of SQL Server's best fit unicode transformations. This means that when a string containing unicode characters is converted to a non-unicode string, SQL Server will do a best-fit replacement on the characters it…
Brad Wood
6 votes, 2 answers

Sqlmap traffic capture

I am trying to understand how SQLmap works. For example, sqlmap finds injection on my site - Place: GET Parameter: selected Type: UNION query Title: MySQL UNION query (NULL) - 5 columns Payload: act=il&ed=1' LIMIT 1,1 UNION ALL SELECT…
Dmitrij Holkin
5 votes, 4 answers

How do I provide stdin inputs from command line?

I am trying to perform a buffer overflow attack on a program for a class assignment. Both the attack program as well as the vulnerable programme is written by me. The vulnerable code uses scanf to read data from stdin. ./vulnerable <…
Lord Loh.