Tag: Cyber Security

Business

Optimizing ZAP Scan

Overview
Is your ZAP scan taking hours to complete? Maybe even a day or two? Not everyone has the luxury of waiting for a 24-hour ZAP scan to complete. This is the problem many people face, and it is what we will be tackling. In this article, we will discuss the variables that affect the duration of the scan and how to optimise ZAP scans.
Optimise ZAP Scans - What Affects a ZAP Scan?
Server hardware and network are one factor that affects the speed of a ZAP scan. So you could get better equipment, but the target equipment is also another factor that we can't control. Thus, let's focus on the configuration of the ZAP application itself. When running an automated scan, there are 2 things that occur: the spidering (which is also part of the passive scan) and the active scan. Each of these co...
Business

ZAP Command Line

ZAP is mostly executed from the GUI, but ZAP can also be executed from the command line. This is great if you want to run a quick scan on your target or want to automate it. If you haven't read How to use OWASP ZAP - Open Source Vulnerability Scanner, I suggest you read it first to have a better understanding of ZAP before moving on to the command line.
ZAP Command Line (CLI)
Executing ZAP from the command line is limited as you will not be able to specify anything using the command line arguments alone. This means you may not be able to use other scanning features such as fuzzing, AJAX spidering, brute force, etc. You can specify some variables by using the -autorun option with an automation file from the automation framework. You can read more about that in How to Autom...
Business

How to use OWASP ZAP – Open Source Vulnerability Scanner

Overview
OWASP ZAP is an open-source web application vulnerability scanner that runs on Java 11+. It has features such as spidering, passive scanning, active scanning, fuzzing, automation, an API and more. ZAP is available on operating systems such as Windows, Linux and Mac, as well as cross-platform. You can download ZAP from here. If you are using Kali Linux, it comes preinstalled. In this article, we will discuss how to use ZAP, its features and the results to take note of.
How to use ZAP
ZAP can be executed through the Automated Scan or the Manual Explore option.
Automated Scan
This method is an automatic scan. It is the main feature of ZAP. First, enter the URL to attack, and select a spider to use (traditional or AJAX). Next, click attack and let it run to comp...
Business

Wappalyzer – Website Technology Identifier

Overview
In the information-gathering stage of penetration testing, we must know the technologies used by the target so that we can plan our attacks. One tool that can help with this is Wappalyzer, a website technology identifier. Wappalyzer is a tool that identifies technologies used on a website, such as CMS, web frameworks, eCommerce platforms, JavaScript libraries, analytics tools and more. It is also fast and easy to use. Wappalyzer is a free tool, but more advanced services like access to their API require a monthly subscription. Fortunately, Wappalyzer is an open-source project, so you can download their code from their GitHub.
How to use Wappalyzer
Wappalyzer lookup
The simplest way to use Wappalyzer is through their website lookup page. Simply input the URL of...
DNSrecon – DNS Reconnaissance for Pentesting
Business

Overview
The first stage of penetration testing is reconnaissance (information gathering). One method of reconnaissance is by gathering the target's DNS information, such as DNS records and DNS servers. This information can be used to piece together the network infrastructure of an organization. Additionally, it does not trigger an alert from the organisation's firewall or IDS/IPS. A tool that helps us accomplish this is DNSrecon. As the name implies, DNSrecon is a DNS reconnaissance tool that can extract DNS-related information from a website/domain. Here is a list of its features (according to the source repository):
- Check all NS Records for Zone Transfers.
- Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
- Perform common S...
Business

5 Popular Open Source Tools for Reconnaissance

Overview
In penetration testing, reconnaissance (information gathering) is the first step to analyse the target and explore its attack surface. It is a crucial step to determine the ways that the target could be exploited. In this article, we will explore 5 essential and popular open-source reconnaissance tools for penetration testing. We will be covering the following tools:
- Wappalyzer - Website Technology Identifier
- DNSrecon - DNS-related information gathering
- Sublist3r - Subdomain finder
- theHarvester - Email Finder (for social engineering)
- Ffuf - URL Fuzzer/Finder
Wappalyzer
Wappalyzer is software that identifies technologies in a web application such as CMS, web frameworks, eCommerce platforms, JavaScript libraries, analytics tools and more....
What To Do If Personal Privacy is Breached
Risk, Security

Monitoring services are now a critical component of contemporary cyber security. These services, which are frequently included with expensive antivirus software, are essential for protecting your personal information. Data breaches occur frequently, but businesses have up to 90 days to inform you if they are discovered. Your exposed credentials or other identifying information could be exploited by other bad actors to do significant harm during that period if it is not safeguarded. Monitoring services will alert you more quickly, giving you the chance to take urgent action in the event that any of your information is made publicly available online due to a breach or personal attack. Here's what you need to do to lessen the effects if that occurs. So, without any delay let's know wha...
Is It Safe to Use Online Survey Sites?
Risk, Security

You've probably heard of taking paid surveys online if you've ever looked for side jobs to earn additional money. But is it safe to use online survey sites? The surveys are offered by numerous websites, and in exchange for completing them, users will receive cash, gift cards, or other modest benefits. Because so many different businesses use paid online surveys to do market research, the industry is genuine. However, among the many legitimate online paid surveys, there are some survey sites that are actually made by scammers or cybercriminals. They are primarily made to gather your personal data in order to commit identity theft. How can you determine which online paid surveys are safe to participate in and which ones you should avoid?
What to watch out for when ta...
Tips to protect yourself from online banking fraud
Business

Today we are here to give you tips to protect yourself from online banking fraud, because online banking fraud is the most common thing these days. That's why in this blog we will cover every single point by which you can protect yourself from online banking fraud. The days of waiting in a huge line to do a banking transaction in a bank are long gone. Technology has made it much easier to access banking services. Digital banking has become our go-to tool for everything from online shopping to payment processing. Although technology has made banking simpler for us, it has also greatly raised the likelihood of online banking fraud. You must therefore be aware of how to protect yourself from such dangers.
Here are 7 tips to protect yourself from online banking fraud
1. Keep changi...