Get Started Using SQLMap for SQL Injection Pentesting
SQLMap is a popular open-source penetration testing tool used to detect and exploit SQL injection vulnerabilities. In prior posts, we looked at general concepts of…
Category: App & Data Security
Content and resources related to Application and Data Security.
4 steps to getting started securing applications from an AppSec professional
A few months ago, I had the pleasure of interviewing Mike Thompson (aka @AppSecBloke) on the Cybr Podcast to discuss Application Security, since that’s right…
Uploading Backdoor Shells with Weevely and Commix
Now that we’ve reviewed OS Command injection concepts like how they work, the impact they can have, and techniques that can be used to exploit…
OS Command Injections: How they work, and example techniques
When I first heard the term OS Command injections, or “Shell injection” as some people refer to it, I don’t know why but I assumed…
Cybr Lesson #1: Mistakes Made & Lessons Learned the EASY Way!
I love quotes! I mean… really love them. In just one or two lines I can get or give the inspiration or motivation I need…
How I made an advanced Python Keylogger that sends emails
I made a Python keylogger that sends emails containing recorded data from the target machine, and this post explains how it works! This program is…
8 SQL Injection Cheat Sheets and References you need
Now that we’ve covered general concepts of SQL for SQL injections, and we’ve learned the basics of powerful SQL injection techniques, let’s gather SQL injection…
Beware of These Potential Python Programming Pitfalls
Are there ANY pitfalls to using Python? There are a lot of good reasons to use Python. That made me wonder what the downsides were.…
Cyber-skill Gap: Why Cybersecurity Practitioners NEED TO KNOW Python!
We interviewed a few Cybersecurity, Cloud Computing and Application Security Managers from different organizations for our Cybr Podcast. One of the skills everyone felt was…
How To Hunt for Web App Vulnerabilities Hands-on!
I’ve said it again and again, and I think most members of the technical community would agree that the fastest, most effective, most fun way…