Week 7 Takeaways
Assigned readings:
Burp Suite is a tool for security testing of Web applications. The framework is very powerful if it is used properly: it identifies vulnerabilities and can exploit them. It is composed of Proxy, Spider, Intruder, Repeater, Sequencer, Decoder and Comparer. Burp Intruder allows you to customize attacks against any Web application and is composed of four elements: target, positions, payloads and options. SQL injection testing is another method that is used within Burp Intruder. Burp Repeater lets you manually modify HTTP requests and test the responses returned by the page. Burp Sequencer checks the extent of randomness in the session tokens generated by the Web application. Burp Decoder encodes and decodes the data sent to it, and lastly, Burp Comparer compares two sets of data. Web application vulnerabilities are becoming more sophisticated; however, there are various methods to prevent such threats and protect the assets of the company. Among the most common are web application scanners and web application firewalls. Also, it is important to note that managers play a significant role when it comes to web application security.
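The Sequencer check mentioned above can be approximated in a few lines. The following is an added example written for this post, not Burp's own code or its statistical method: it takes two constructed token sets (a weak one derived from a counter and a strong one from Python's secrets module), estimates the bits of entropy per token from per-character-position Shannon entropy, and also checks whether the tokens look like a counter. The 64-bit threshold and the token formats are assumptions for the demonstration; Burp Sequencer runs a much larger battery of statistical tests.

```python
"""Rough session-token randomness check (added example, simplified heuristic)."""
import math
import secrets
from collections import Counter


def position_entropy(tokens, pos):
    """Shannon entropy (bits) of the character at index `pos` across all tokens."""
    counts = Counter(t[pos] for t in tokens)
    n = len(tokens)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def estimate_entropy_bits(tokens):
    """Sum of per-position entropies: a crude upper estimate of bits per token.

    Positions are treated as independent, so real entropy can only be lower;
    a low result is therefore a reliable warning sign.
    """
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("all tokens must have the same length")
    return sum(position_entropy(tokens, i) for i in range(length))


def is_counter_like(tokens):
    """True if consecutive tokens, read as hex integers, differ by a constant."""
    values = [int(t, 16) for t in tokens]
    diffs = {b - a for a, b in zip(values, values[1:])}
    return len(diffs) == 1


def weak_tokens(count, start=0x1000):
    """Constructed sample: a 'session id' that is just a zero-padded hex counter."""
    return [f"{start + i:016x}" for i in range(count)]


def strong_tokens(count):
    """Constructed sample: 128-bit tokens from a CSPRNG (32 hex characters)."""
    return [secrets.token_hex(16) for _ in range(count)]


def assess(tokens, min_bits=64):
    """Return the entropy estimate and whether it clears the assumed minimum."""
    bits = estimate_entropy_bits(tokens)
    return {
        "bits": round(bits, 2),
        "counter_like": is_counter_like(tokens),
        "acceptable": bits >= min_bits and not is_counter_like(tokens),
    }


if __name__ == "__main__":
    # A few hundred captured tokens are enough to separate the two cases.
    print("weak:  ", assess(weak_tokens(1000)))
    print("strong:", assess(strong_tokens(1000)))
```

The estimate is bounded by the sample size (a position can never show more than log2(samples) bits), so the check is meaningful only with a few hundred tokens or more, which is also why Sequencer asks you to capture a large sample before analysing.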
Question for the class:
What are your experiences thus far using Burp Suite?
In the news: “Vulnerability found in two-factor authentication”
Two-factor authentication is a computer security measure used by major online service providers to protect the identity of users in the event of a password loss. Security experts have long endorsed two-factor authentication as an effective safeguard against password attacks. But what if two-factor authentication could be cracked not by computer engineering but by social engineering? A study was conducted with a scenario in which a hacker, armed only with the target's mobile phone number, attempts to log into the user's account and claims to have forgotten the password, triggering a verification SMS text. In a pilot test of twenty mobile phone users, 25 percent forwarded the verification code to the attacker upon request, demonstrating the success of the Verification Code Forwarding Attack.
Click here to read more about this article.