Beginners tips for testing web application

This topic contains 20 replies, has 12 voices, and was last updated by  globallinks1 5 years, 3 months ago.

  • #7813
     Jamie.R 
    Participant

    This guide is written with newbies in mind to show them some of the basic concepts when testing web applications and trying to bring them up to speed on testing web applications. It’s not designed to be a one stop solution but a way to explain some of the basic information and give them materials to go and find out more for themselves.

    Setup
    In order to test web applications there are three tools that I use every single time. I use Firefox as my testing browser with the FoxyProxy plugin, Burp Suite as my proxy and Google Chrome for searching browsers, as I don’t want any Google searches affecting what’s in Burp Suite as the client may wish to see the Burp Suite logs.

    Starting the test
    When testing a website I like to spend around 30 minutes just browsing the site as any user would, trying to identify the static pages from the dynamic pages and trying to identify which technologies are being used: PHP, ASP, JavaScript or even Perl. I usually do this process whilst using Burp Suite. If you have the pro version it will start to identify issues with the site, like XSS, http only cookies and so on. You can also try and force errors from the page; this may give away internal paths or version information. Version information can also usually be found in the headers. There are additional tools you can use like Hoppy or Nikto to help map the web application.

    http://labs.portcullis.co.uk/application/hoppy/
    http://cirt.net/nikto2/

    Once I have a good idea about the site I start by looking for default pages. For example if it’s a content management site like WordPress, Drupal or any other popular site, I tend to download the files and quickly set it up in a LAMP, WAMP or MAMP environment; this way I can see what the default settings are as well as how the files are structured. This gives me a good idea of where to look in the application I am testing. Can I access an admin page? Or is there a backup of the default admin login detail? This all needs to be investigated to see what you can and cannot access and help map the application.

    If the application is not using a CMS then I start by trying to access common files like robots.txt and then try to view any pages listed in that. If there are not any robots files, I then try default pages like admin.php, account.php and so on. At this point you could use the spider feature in Burp Suite to try and get a much better idea of the application or use DirBuster to try brute force on any hidden directories.

    Once this has all been done you should have a really good understanding of the application: what it does, how it was built and maybe even some small issues to report like internal path, information disclosure etc. Having a good idea of how the application was built is essential if you are trying to exploit an SQL injection. If you know the developers have followed a certain naming pattern, you can take an educated guess they have done the same in their database; this will make exploiting it easier if you find SQL injections on the site.

    Starting the attack
    We have a really good understanding of the site and the inner workings and so it’s time to start finding issues with the site.

    Login Page
    If the website has a login page then I first create an account; during this process I see if I can use a weak password like the character ‘A’. If I can then this is an issue and would report it to the client as they should be using at least 9-20 characters with a mixture of upper, lower, numbers and symbols for the password. After I have registered with the site I attempt to login to the site looking for any error messages. I want to make sure that the errors are not giving any information away like “This password does not match the username”. As an attacker this then tells me that I have a valid username so I can enumerate users.

    Injection
    This is where you can inject into the page; you can find this with an error message, which is the most common place, just like the example below. The reason this is an issue is it lets anyone write anything on your site so it’s a great tool to use with social engineering. We could write a message, encode it, then send it to a customer; they would then ring the number and we could try to get account information from them.

    Example Error injection
    http://testsite.com/page/sign-in?error=Please call tech support 0800 000 000

    XSS (Cross site Scripting)
    The first attack I intend to try is XSS. I look for both stored and reflected XSS. The way I like to test for XSS is using the <plaintext> tag. I will place this into any form field and if there is a possible XSS it will break the page and turn the HTML into text. This means when you view the page instead of seeing a GUI you see the HTML. You can also use <script>alert (“XSS”) </script>. There are also lots of other ways to test for XSS. The places you want to test XSS are post variables, get, cookies variables, and HTTP headers. XSS is mainly used for phishing attacks as well as stealing cookies, and a cool tool to check out is the BeEF project. A lot of sites set up filtering to prevent this by replacing any dangerous characters; there are ways to get past these filters depending on how they are set up. An example of this would be if a site was using a script to search the input data and only once; you have done this then you could try <script></script><script>alert (“XSS”) </script>. What would happen here is the script would search for <script> tags but as it only runs once it would remove the first </script><script> tags leaving the second.
There are also lots of ways to bypass filters using encoding or different types of tags like HTML5 tags but this post as well as DOM based XSS attacks.</p> <p><em><strong>Example Get XSS with URL encoding:</strong></em><br /> http://testsite.com/page/sign-in?error=%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E</p> <p><strong>Additional Resources:</strong><br /> <a href="http://ha.ckers.org/xss.html" rel="nofollow">http://ha.ckers.org/xss.html</a><br /> <a href="https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29" rel="nofollow">https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29</a><br /> <a href="http://beefproject.com/" rel="nofollow">http://beefproject.com/</a><br /> <a href="http://www.thespanner.co.uk/2009/12/06/html5-new-xss-vectors/" rel="nofollow">http://www.thespanner.co.uk/2009/12/06/html5-new-xss-vectors/</a><br /> <a href="http://html5sec.org/" rel="nofollow">http://html5sec.org/</a></p> <p><strong>Broken Authentication </strong><br /> A great way to test broken authentication is to find out the URL for something you should only have access to if you were logged in. If you can then go straight to this page without signing in, this indicates broken authentication. Another problem with authentication is if you can guess the session ID you could potentially gain access by guessing or brute forcing the session ID.</p> <p><strong>Additional Resources:</strong><br /> <a href="https://www.owasp.org/index.php/Top_10_2010-A3" rel="nofollow">https://www.owasp.org/index.php/Top_10_2010-A3</a></p> <p><strong>SQL Injections</strong><br /> SQL Injections is a massive subject in fact there are dedicated books on it. When testing the application I want to try to get, post, headers and cookies fields. If it’s running MYSQL I tend to just use a; or ‘to break the code, then I can build on this or use SQLMAP to try to exploit the database. This does depend on what database is being used. 
There are also two types of injection error based and blind, Error based is easy to exploit where blind does take a bit of skill. Error bases is easy to identify as you get some sort of MySQL error relating to the code you have now broken by placing a ‘into the query.</p> <p><em>Example: </em><br /> We have a box that allows us to supply a name we are going to supply a ‘ this will then be inserted into the query below.<br /> Select name from table where name = “$name”;<br /> What we do is break this query by supplying the ‘so it becomes Select name from the table where name = “’”; this should cause an error as this is not valid syntax.</p> <p>This is a really basic example of SQL injections</p> <p><strong>Additional Resources:</strong><br /> <a href="http://www.unixwiz.net/techtips/sql-injection.html" rel="nofollow">http://www.unixwiz.net/techtips/sql-injection.html</a><br /> <a href="http://sqlmap.org/" rel="nofollow">http://sqlmap.org/</a><br /> <a href="http://www.amazon.co.uk/Injection-Attacks-Defense-Justin-Clarke/dp/1597499633/ref=sr_1_1?ie=UTF8&#038;qid=1344699444&#038;sr=8-1" rel="nofollow">http://www.amazon.co.uk/Injection-Attacks-Defense-Justin-Clarke/dp/1597499633/ref=sr_1_1?ie=UTF8&#038;qid=1344699444&#038;sr=8-1</a><br /> <a href="https://www.owasp.org/index.php/Blind_SQL_Injection" rel="nofollow">https://www.owasp.org/index.php/Blind_SQL_Injection</a><br /> <a href="https://www.owasp.org/index.php/SQL_Injection" rel="nofollow">https://www.owasp.org/index.php/SQL_Injection</a></p> <p><strong>Storing Password</strong><br /> If we can we want to try to identify how the passwords or credit cards are being stored in the database. The simplest way to do this is if the application has reset password you can use this and see if you get your password back in plain text. If you do get your passwords in plain text this means they are being stored in plain text or they are using an encryption that is easy to reverse. 
This is more common than you think it should be. In fact a major retailer in the UK has just admitted they are storing passwords in plain text.</p> <p><strong>Additional Resources:</strong><br /> <a href="http://www.gizmodo.co.uk/2012/07/pain-text-password-storage-but-one-of-tesco-onlines-possible-security-holes/" rel="nofollow">http://www.gizmodo.co.uk/2012/07/pain-text-password-storage-but-one-of-tesco-onlines-possible-security-holes/</a><br /> <a href="http://crackstation.net/hashing-security.htm" rel="nofollow">http://crackstation.net/hashing-security.htm</a></p> <p><strong>CLICK JACKING</strong><br /> I think every site I have tested is vulnerable to this attack method. The simplest way to explain this is overlaying a website on top of another website. This happens a lot on Facebook where users think they are clicking like but they really clicking the box behind that is sending a message to all of your friends.</p> <p><strong>Additional Resources:</strong><br /> <a href="https://www.owasp.org/index.php/Clickjacking" rel="nofollow">https://www.owasp.org/index.php/Clickjacking</a><br /> <a href="http://www.contextis.com/research/tools/clickjacking-tool/" rel="nofollow">http://www.contextis.com/research/tools/clickjacking-tool/</a><br /> <a href="http://javascript.info/tutorial/clickjacking" rel="nofollow">http://javascript.info/tutorial/clickjacking</a></p> <p><strong>BRUTE FORCING</strong><br /> I have never really used brute forcing techniques when testing web applications. I always got told that if you need to brute force then you missed something. If I come across a login page I will maybe try a small amount of brute forcing like admin:admin, admin:password and administrator:sitename But no more than say around ten attempts. 
I also want to see if I get locked out at all, to see if I can’t login after a certain amount of times, as this would be an issue in some situations but most clients accept this as a small risk and don’t care about it.<br /> You can use tools like Burpsuit for brute forcing as well as hydra most browser also have plugins that you can use to try and get access to the application.</p> <p><strong>Additional Resources:</strong><br /> <a href="http://www.thc.org/thc-hydra/" rel="nofollow">http://www.thc.org/thc-hydra/</a><br /> <a href="https://addons.mozilla.org/uk/firefox/addon/fireforce/" rel="nofollow">https://addons.mozilla.org/uk/firefox/addon/fireforce/</a></p> <p><strong>SSL </strong><br /> When testing a website we want to make sure that all sensitive data is sent using SSL. And it’s using a good chipher so anything above 128 would do. We also want to make sure that the certificate has not expired or there are any other issue with it.</p> <p><strong>Additional Resources:</strong><br /> <a href="http://sourceforge.net/projects/sslscan/" rel="nofollow">http://sourceforge.net/projects/sslscan/</a></p> <p><strong>FILE UPLOADS</strong><br /> Sites that allow file uploads sometimes do not use filtering on the file type, this means that you can upload picture.php that contains a PHP backdoor. You can then view this page by going to <!-- w --><a class="postlink" href="http://www.exmaplesite.com/picture.php" rel="nofollow">www.exmaplesite.com/picture.php</a><!-- w --> from here depending on your back door you can run commands on the box like cat /etc/shadow. There are many web backdoors contained in backtrack as well as a great site called pentestmonkey.co.uk. Another trick you can try is to rename the file, if the site has some sort of filtering in place, for example picture.jpg.php this is because most scripts will search the line for a .jpg extension. 
It will say does this line contact a .jpg and the answer is yes so this would let you upload the file and bypass any filter as if we tried to upload picture.php it would not find the .jpg and not allow us to upload the file.<br /> CSRF Cross site request forgery</p> <p>This is a bit of a tricky one to explain but let’s see if we can explain it as simple as possible. CSRF is when you are logged into one site for example Amazon and then you are using another website called eveilhcker.com. You click a button on this site that you think will register you to the site and it does but at the same time it makes a request to Amazon on your behalf telling Amazon that you want to buy a book, using the one click buy feature. So what’s happened now is that you’re registered to evilhacker.com but you also brought a book that you are totally unaware of as it’s all happened in the background.</p> <p><strong>NUESSES</strong><br /> The last stage of the test that I like to run is Nessus this just helps me to identify any other issues that I may have missed. Once this has been done I try and confirm any issues it has found before reporting them to the client.</p> <p><strong>CUSTOMER RECOMENNDATIONS</strong><br /> When we provide the report to the customer we want to make sure that all issues have a really good explanation on how to fix the problems. We also want to make some general recommendations, like making sure CMS are updated and you force the user to use strong passwords.</p> <p><strong>Other Attacks</strong><br /> There are lots of other attack vectors for application including session fixation, local file includes, remote file includes and Ajax attack to name a few. As this is not a step by step guide if you want to learn more about these types of attack I would recommend web applications the best book I think you can get is the Web Applications Hacker Hand book. 
If you really interested in learning more about web apps, a course I really recommend is elearnsecurity and their labs on web applications. The people behind the book above also offer a web course but this cost around $7 per hour.</p> <p>Another really good resource is the OWASP web application security testing cheat sheet</p> <p><a href="https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet" rel="nofollow">https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet</a></p> <p>I hope people fine this useful feel free to add more if you think I have missed anything and would love to get any feedback.</script></plaintext> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49119" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 17, 2012 at 3:51 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49119" class="bbp-reply-permalink">#49119</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49119 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-2 user-id-2567 post-49119 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/sh4d0wmanpp/" title="View sh4d0wmanPP&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/398df0fc5270cabae1172aa2b24ac7b3?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/398df0fc5270cabae1172aa2b24ac7b3?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/sh4d0wmanpp/" title="View sh4d0wmanPP&#039;s profile" class="bbp-author-name" rel="nofollow">sh4d0wmanPP</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Nice writeup! 
I would also include Command Injection attacks as they are relatively easy to exploit, see some info here:</p> <p><a href="https://www.owasp.org/index.php/Command_Injection" rel="nofollow">https://www.owasp.org/index.php/Command_Injection</a></p> <p><a href="https://www.golemtechnologies.com/articles/shell-injection#how-to-test-if-website-vulnerable-to-command-injection" rel="nofollow">https://www.golemtechnologies.com/articles/shell-injection#how-to-test-if-website-vulnerable-to-command-injection</a></p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49120" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 17, 2012 at 8:25 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49120" class="bbp-reply-permalink">#49120</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49120 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-3 user-id-2555 topic-author post-49120 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/jamie-r/" title="View Jamie.R&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/c6fa77e6eae4b1f7892ea1318c6792bc?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/c6fa77e6eae4b1f7892ea1318c6792bc?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/jamie-r/" title="View Jamie.R&#039;s profile" class="bbp-author-name" rel="nofollow">Jamie.R</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Thanks for the feedback ahh I knew I was going to miss somthing 😛</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49121" 
class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 20, 2012 at 9:01 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49121" class="bbp-reply-permalink">#49121</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49121 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-4 user-id-2469 post-49121 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/novice-hacker/" title="View Novice hacker&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/e54fe344d71772c969caf1b65353fb72?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/e54fe344d71772c969caf1b65353fb72?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/novice-hacker/" title="View Novice hacker&#039;s profile" class="bbp-author-name" rel="nofollow">Novice hacker</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Thanks for the great tutorial!</p> <p>I won&#8217;t be able to understand all of it but I want you to know that I appreciate your efforts sincerely  🙂</p> <p>Keep up the great work!    
(I would love it if you produced more tutorials geared towards beginners)</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49122" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 20, 2012 at 9:18 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49122" class="bbp-reply-permalink">#49122</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49122 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-5 user-id-2567 post-49122 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/sh4d0wmanpp/" title="View sh4d0wmanPP&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/398df0fc5270cabae1172aa2b24ac7b3?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/398df0fc5270cabae1172aa2b24ac7b3?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/sh4d0wmanpp/" title="View sh4d0wmanPP&#039;s profile" class="bbp-author-name" rel="nofollow">sh4d0wmanPP</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Follow this tutorial together with the Web Application Hacker&#8217;s Handbook and you have a pretty decent image of web-pentesting. 
Try everything out and if you get stuck, ask at that particular point, I am sure the community here will help you out.</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49123" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 20, 2012 at 9:28 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49123" class="bbp-reply-permalink">#49123</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49123 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-6 user-id-2552 post-49123 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/m0wgli/" title="View m0wgli&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='https://www.ethicalhacker.net/wp-content/uploads/avatars/2552/5ac93d1f4c5c0-bpfull.jpg' srcset='https://www.ethicalhacker.net/wp-content/uploads/avatars/2552/5ac93d1f4c5c0-bpfull.jpg 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/m0wgli/" title="View m0wgli&#039;s profile" class="bbp-author-name" rel="nofollow">m0wgli</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>The OWASP Broken Web Applications Project is a useful resource for trying out the attacks already mentioned:</p> <p><a href="http://code.google.com/p/owaspbwa/" rel="nofollow">http://code.google.com/p/owaspbwa/</a></p> <p>The Samurai Web Testing Framework is also useful. 
I&#8217;d suggest checking out the course:</p> <p><a href="http://sourceforge.net/projects/samurai/files/" rel="nofollow">http://sourceforge.net/projects/samurai/files/</a></p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49124" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 20, 2012 at 9:55 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49124" class="bbp-reply-permalink">#49124</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49124 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-7 user-id-2555 topic-author post-49124 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/jamie-r/" title="View Jamie.R&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/c6fa77e6eae4b1f7892ea1318c6792bc?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/c6fa77e6eae4b1f7892ea1318c6792bc?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/jamie-r/" title="View Jamie.R&#039;s profile" class="bbp-author-name" rel="nofollow">Jamie.R</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Thanks m0wgli for the link 🙂</p> <p>@Novice hacker I have done some video on wirelress, basic linux commands , sed and cut and securing an iphone might want to take a look.</p> <p> <a href="http://www.securitytube.net/video/2838?moderation=true" rel="nofollow">http://www.securitytube.net/video/2838?moderation=true</a><br /> <a href="http://www.securitytube.net/video/2839?moderation=true" rel="nofollow">http://www.securitytube.net/video/2839?moderation=true</a><br /> <a 
href="http://www.securitytube.net/video/2846?moderation=true" rel="nofollow">http://www.securitytube.net/video/2846?moderation=true</a><br /> <a href="http://www.securitytube.net/video/3802?moderation=true" rel="nofollow">http://www.securitytube.net/video/3802?moderation=true</a></p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49125" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 20, 2012 at 12:42 pm</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49125" class="bbp-reply-permalink">#49125</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49125 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-8 user-id-2433 post-49125 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/cyber-spirit/" title="View cyber.spirit&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/6a110ef04d4fcb7688a12e3b95a5ac52?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/6a110ef04d4fcb7688a12e3b95a5ac52?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/cyber-spirit/" title="View cyber.spirit&#039;s profile" class="bbp-author-name" rel="nofollow">cyber.spirit</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>the first and the last awsome article thanx jamie r great easy to follow totally perfect ur score is 100 of 100 lol</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49126" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 20, 2012 at 2:24 pm</span> <a 
href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49126" class="bbp-reply-permalink">#49126</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49126 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-9 user-id-2555 topic-author post-49126 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/jamie-r/" title="View Jamie.R&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/c6fa77e6eae4b1f7892ea1318c6792bc?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/c6fa77e6eae4b1f7892ea1318c6792bc?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/jamie-r/" title="View Jamie.R&#039;s profile" class="bbp-author-name" rel="nofollow">Jamie.R</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Thanks glad it was useful</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49127" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 24, 2012 at 3:33 pm</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49127" class="bbp-reply-permalink">#49127</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49127 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-10 user-id-1783 post-49127 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/maxe/" title="View MaXe&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/01255569a2dba02a0dea7cf2e37eb4b9?s=80&#038;r=pg&#038;d=mm' 
srcset='//www.gravatar.com/avatar/01255569a2dba02a0dea7cf2e37eb4b9?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/maxe/" title="View MaXe&#039;s profile" class="bbp-author-name" rel="nofollow">MaXe</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>As Owasp has been mentioned so many times in this thread, I think it&#8217;s more than fair to mention their Testing Guide which is quite extensive (but also very basic to intermediate level).</p> <p>Link: <a href="https://www.owasp.org/index.php/OWASP_Testing_Project" rel="nofollow">https://www.owasp.org/index.php/OWASP_Testing_Project</a></p> <p>Read through it, try out the attack methods locally, most of them can be done with Damn Vulnerable Web Application, and others can be done with custom code or other vulnerable frameworks.</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49128" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 25, 2012 at 12:51 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49128" class="bbp-reply-permalink">#49128</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49128 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-11 user-id-869 post-49128 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/dark_knight/" title="View Dark_Knight&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/237911a7625ada227999b7c4dfe447e0?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/237911a7625ada227999b7c4dfe447e0?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' 
/></a>&nbsp;<a href="https://www.ethicalhacker.net/members/dark_knight/" title="View Dark_Knight&#039;s profile" class="bbp-author-name" rel="nofollow">Dark_Knight</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Has anybody used the ClickJacking tool recently? Got a few questions.</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49129" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 25, 2012 at 10:03 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49129" class="bbp-reply-permalink">#49129</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49129 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-12 user-id-1783 post-49129 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/maxe/" title="View MaXe&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/01255569a2dba02a0dea7cf2e37eb4b9?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/01255569a2dba02a0dea7cf2e37eb4b9?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/maxe/" title="View MaXe&#039;s profile" class="bbp-author-name" rel="nofollow">MaXe</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p><em><a href="https://www.ethicalhacker.net/members/dark_knight/" rel="nofollow">@dark_knight</a> wrote:</em></p> <blockquote><p> Has anybody used the ClickJacking tool recently? Got a few questions. 
</p></blockquote> <p> No, but there&#8217;s plenty of resources on how to conduct click-jacking attacks, including a few demos on various websites.  ;D</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49130" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 25, 2012 at 10:58 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49130" class="bbp-reply-permalink">#49130</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49130 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-13 user-id-2555 topic-author post-49130 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/jamie-r/" title="View Jamie.R&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/c6fa77e6eae4b1f7892ea1318c6792bc?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/c6fa77e6eae4b1f7892ea1318c6792bc?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/jamie-r/" title="View Jamie.R&#039;s profile" class="bbp-author-name" rel="nofollow">Jamie.R</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Yes, just Google for them. Here&#8217;s a quick one I found on YouTube.</p> <p><a href="https://www.youtube.com/watch?v=3mk0RySeNsU" rel="nofollow">https://www.youtube.com/watch?v=3mk0RySeNsU</a></p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49131" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">August 25, 2012 at 10:59 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49131" 
class="bbp-reply-permalink">#49131</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49131 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-14 user-id-869 post-49131 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/dark_knight/" title="View Dark_Knight&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/237911a7625ada227999b7c4dfe447e0?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/237911a7625ada227999b7c4dfe447e0?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/dark_knight/" title="View Dark_Knight&#039;s profile" class="bbp-author-name" rel="nofollow">Dark_Knight</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p><em><a href="https://www.ethicalhacker.net/members/maxe/" rel="nofollow">@maxe</a> wrote:</em></p> <blockquote><p> <em><a href="https://www.ethicalhacker.net/members/dark_knight/" rel="nofollow">@dark_knight</a> wrote:</em></p> <blockquote><p> Has anybody used the ClickJacking tool recently? Got a few questions. </p></blockquote> <p> No, but there&#8217;s plenty of resources on how to conduct click-jacking attacks, including a few demos on various websites.  ;D </p></blockquote> <p> Are you saying I should actually go and do some research?  
;D  ;D<br /> #lazyweb</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49132" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">October 21, 2012 at 8:11 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49132" class="bbp-reply-permalink">#49132</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49132 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-15 user-id-1783 post-49132 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/maxe/" title="View MaXe&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/01255569a2dba02a0dea7cf2e37eb4b9?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/01255569a2dba02a0dea7cf2e37eb4b9?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/maxe/" title="View MaXe&#039;s profile" class="bbp-author-name" rel="nofollow">MaXe</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p><em><a href="https://www.ethicalhacker.net/members/dark_knight/" rel="nofollow">@dark_knight</a> wrote:</em></p> <blockquote><p> <em><a href="https://www.ethicalhacker.net/members/maxe/" rel="nofollow">@maxe</a> wrote:</em></p> <blockquote><p> <em><a href="https://www.ethicalhacker.net/members/dark_knight/" rel="nofollow">@dark_knight</a> wrote:</em></p> <blockquote><p> Has anybody used the ClickJacking tool recently? Got a few questions. </p></blockquote> <p> No, but there&#8217;s plenty of resources on how to conduct click-jacking attacks, including a few demos on various websites.  ;D </p></blockquote> <p> Are you saying I should actually go and do some research?  
;D  ;D<br /> #lazyweb </p></blockquote> <p>Yes, it&#8217;s what a real hacker would/will do.  😉</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49133" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">October 22, 2012 at 11:35 pm</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49133" class="bbp-reply-permalink">#49133</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49133 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-16 user-id-1024 post-49133 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/alucian/" title="View alucian&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/bdc8503f1fd60c13925951176eeddaa3?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/bdc8503f1fd60c13925951176eeddaa3?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/alucian/" title="View alucian&#039;s profile" class="bbp-author-name" rel="nofollow">alucian</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Nice writing. 
Very appreciated.</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49134" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">October 23, 2012 at 11:44 pm</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49134" class="bbp-reply-permalink">#49134</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49134 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-17 user-id-1554 post-49134 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/triban/" title="View Triban&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/e6ee5dde2b9f394d7f8c8c7efd2f2a17?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/e6ee5dde2b9f394d7f8c8c7efd2f2a17?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/triban/" title="View Triban&#039;s profile" class="bbp-author-name" rel="nofollow">Triban</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Nice writeup man!  Very useful!  
I think it should be stickied 😀</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49135" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">October 29, 2012 at 11:49 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49135" class="bbp-reply-permalink">#49135</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49135 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-18 user-id-2555 topic-author post-49135 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/jamie-r/" title="View Jamie.R&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/c6fa77e6eae4b1f7892ea1318c6792bc?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/c6fa77e6eae4b1f7892ea1318c6792bc?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/jamie-r/" title="View Jamie.R&#039;s profile" class="bbp-author-name" rel="nofollow">Jamie.R</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Glad it was useful. I like helping others, and the feedback I have gotten so far makes me want to contribute more 🙂</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49136" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">November 26, 2012 at 8:08 am</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49136" class="bbp-reply-permalink">#49136</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49136 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-19 
user-id-1917 post-49136 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/prats84/" title="View prats84&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/aafca32eb379622fe4a4bf5343236ce7?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/aafca32eb379622fe4a4bf5343236ce7?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/prats84/" title="View prats84&#039;s profile" class="bbp-author-name" rel="nofollow">prats84</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Awesome.. thnx</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49137" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">December 26, 2012 at 5:52 pm</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49137" class="bbp-reply-permalink">#49137</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49137 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-20 user-id-1794 post-49137 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/raptorsl/" title="View raptorsl&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/a0d200ce3fc0aa8d3f50f7c28df80585?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/a0d200ce3fc0aa8d3f50f7c28df80585?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/raptorsl/" title="View raptorsl&#039;s profile" class="bbp-author-name" rel="nofollow">raptorsl</a>&nbsp;<div class="role-participant 
bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>Very useful article. Thanks</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> <li> <div id="post-49138" class="bbp-reply-header"> <div class="bbp-meta"> <span class="bbp-reply-post-date">July 27, 2014 at 7:35 pm</span> <a href="https://www.ethicalhacker.net/forums/topic/beginners-tips-for-testing-web-applicaiton/#post-49138" class="bbp-reply-permalink">#49138</a> <span class="bbp-admin-links"></span> </div><!-- .bbp-meta --> </div><!-- #post-49138 --> <div class="even bbp-parent-forum-91 bbp-parent-topic-7813 bbp-reply-position-21 user-id-2895 post-49138 reply type-reply status-publish hentry"> <div class="bbp-reply-author"> <a href="https://www.ethicalhacker.net/members/globallinks1/" title="View globallinks1&#039;s profile" class="bbp-author-avatar" rel="nofollow"><img alt='' src='//www.gravatar.com/avatar/e1f8fb9fcee6e3afc4dbfb77f17e8b50?s=80&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/e1f8fb9fcee6e3afc4dbfb77f17e8b50?s=80&#038;r=pg&#038;d=mm 2x' class='avatar avatar-80 photo' height='80' width='80' /></a>&nbsp;<a href="https://www.ethicalhacker.net/members/globallinks1/" title="View globallinks1&#039;s profile" class="bbp-author-name" rel="nofollow">globallinks1</a>&nbsp;<div class="role-participant bbp-author-role">Participant</div> </div><!-- .bbp-reply-author --> <div class="bbp-reply-content"> <p>😀 <em>@Jamie.R wrote:</em></p> <blockquote><p>This guide is written with newbies in mind to show them some of the basic concepts when testing web applications and trying to bring them up to speed on testing web applications. It’s not designed to be a one-stop solution but a way to explain some of the basic information and give them materials to go and find out more for themselves.</p> <p><strong>Setup</strong><br /> In order to test web applications there are three tools that I use every single time. 
I use Firefox as my testing browser with the FoxyProxy plugin, Burp Suite as my proxy and Google Chrome for searching browsers, as I don’t want any Google searches affecting what’s in Burp Suite as the client may wish to see the Burp Suite logs.</p> <p><strong>Starting the test</strong><br /> When testing a website I like to spend around 30 minutes just browsing the site as any user would, trying to identify the static pages from the dynamic pages and trying to identify which technologies are being used: PHP, ASP, JavaScript or even Perl. I usually do this process whilst using Burp Suite. If you have the pro version it will start to identify issues with the site, like XSS, http only cookies and so on. You can also try and force errors from the page; this may give away internal paths or version information. Version information can also usually be found in the headers. There are additional tools you can use like Hoppy or Nikto to help map the web application.</p> <p><a href="http://labs.portcullis.co.uk/application/hoppy/" rel="nofollow">http://labs.portcullis.co.uk/application/hoppy/</a><br /> <a href="http://cirt.net/nikto2/" rel="nofollow">http://cirt.net/nikto2/</a></p> <p>Once I have a good idea about the site I start by looking for default pages. For example if it’s a content management site like WordPress, Drupal or any other popular site, I tend to download the files and quickly set it up in a LAMP, WAMP or MAMP environment; this way I can see what the default settings are as well as how the files are structured. This gives me a good idea of where to look in the application I am testing. Can I access an admin page? Or is there a backup of the default admin login details? This all needs to be investigated to see what you can and cannot access and help map the application.</p> <p>If the application is not using a CMS then I start by trying to access common files like robots.txt and then try to view any pages listed in that. 
If there are not any robots files, I then try default pages like admin.php, account.php and so on.  At this point you could use the spider feature in Burp Suite to try and get a much better idea of the application or use DirBuster to try brute force on any hidden directories.</p> <p>Once this has all been done you should have a really good understanding of the application: what it does, how it was built and maybe even some small issues to report like internal path, information disclosure etc. Having a good idea of how the application was built is essential to understand if you are trying to exploit an SQL injection. If you know the developers have followed a certain naming pattern, you can take an educated guess they have done the same in their database; this will make exploiting it easier if you find SQL injections on the site.</p> <p><strong>Starting the attack</strong><br /> We have a really good understanding of the site and the inner workings and so it’s time to start finding issues with the site.</p> <p><strong>Login Page</strong><br /> If the website has a login page then I first create an account; during this process I see if I can use a weak password like the character ‘A’. If I can then this is an issue and I would report it to the client as they should be using at least 9-20 characters with a mixture of upper, lower, numbers and symbols for the password. After I have registered with the site I attempt to log in to the site looking for any error messages. I want to make sure that the errors are not giving any information away like “This passwords does not match the username”. As an attacker this then tells me that I have a valid username so I can enumerate users.</p> <p><strong>Injection </strong><br /> This is where you can inject into the page; you can find this with an error message, which is the most common place, just like the example below. 
The reason this is an issue is it lets anyone write anything on your site so it’s a great tool to use with social engineering. We could write a message, encode it, then send it to a customer; they would then ring the number and we could try to get account information from them.</p> <p><em>Example Error injection</em><br /> <a href="http://testsite.com/page/sign-in?error=Please" rel="nofollow">http://testsite.com/page/sign-in?error=Please</a> call tech support 0800 000 000</p> <p><strong>XSS (Cross site Scripting)</strong><br /> The first attack I intend to try is XSS. I look for both stored and reflected XSS. The way I like to test for XSS is using the tag I will place this into any form field and if there is a possible XSS it will break the page and turn the HTML into text. This means when you view the page instead of seeing a GUI you see the HTML. You can also use alert (“XSS”); there are also lots of other ways to test for XSS. The places you want to test XSS are post variables, get, cookies variables, and HTTP headers. XSS is mainly used for phishing attacks as well as stealing cookies, and a cool tool to check out is the BeEF project. A lot of sites set up filtering to prevent this by replacing any dangerous characters; there are ways to get past these filters depending on how they are set up. An example of this would be if a site was using a script to search the input data and only once you have done this then you could try alert (“XSS”) &lt;/script What would happen here is the script would search for tags but as it only runs once it would remove the first tags leaving the second. 
There are also lots of ways to bypass filters using encoding or different types of tags like HTML5 tags but this post as well as DOM based XSS attacks.</p> <p><em><strong>Example Get XSS with URL encoding:</strong></em><br /> <a href="http://testsite.com/page/sign-in?error=%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E" rel="nofollow">http://testsite.com/page/sign-in?error=%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E</a></p> <p><strong>Additional Resources:</strong><br /> <a href="http://ha.ckers.org/xss.html" rel="nofollow">http://ha.ckers.org/xss.html</a><br /> <a href="https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29" rel="nofollow">https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29</a><br /> <a href="http://beefproject.com/" rel="nofollow">http://beefproject.com/</a><br /> <a href="http://www.thespanner.co.uk/2009/12/06/html5-new-xss-vectors/" rel="nofollow">http://www.thespanner.co.uk/2009/12/06/html5-new-xss-vectors/</a><br /> <a href="http://html5sec.org/" rel="nofollow">http://html5sec.org/</a></p> <p><strong>Broken Authentication </strong><br /> A great way to test broken authentication is to find out the URL for something you should only have access to if you were logged in. If you can then go straight to this page without signing in, this indicates broken authentication. Another problem with authentication is if you can guess the session ID you could potentially gain access by guessing or brute forcing the session ID.</p> <p><strong>Additional Resources:</strong><br /> <a href="https://www.owasp.org/index.php/Top_10_2010-A3" rel="nofollow">https://www.owasp.org/index.php/Top_10_2010-A3</a></p> <p><strong>SQL Injections</strong><br /> SQL Injections is a massive subject; in fact there are dedicated books on it. When testing the application I want to try the GET, POST, headers and cookies fields. If it’s running MySQL I tend to just use a ; or ‘ to break the code, then I can build on this or use sqlmap to try to exploit the database. 
This does depend on what database is being used. There are also two types of injection, error based and blind. Error based is easy to exploit where blind does take a bit of skill. Error based is easy to identify as you get some sort of MySQL error relating to the code you have now broken by placing a ‘ into the query.</p> <p><em>Example: </em><br /> We have a box that allows us to supply a name; we are going to supply a ‘ and this will then be inserted into the query below.<br /> Select name from table where name = “$name”;<br /> What we do is break this query by supplying the ‘ so it becomes Select name from table where name = “’”; this should cause an error as this is not valid syntax.</p> <p>This is a really basic example of SQL injections.</p> <p><strong>Additional Resources:</strong><br /> <a href="http://www.unixwiz.net/techtips/sql-injection.html" rel="nofollow">http://www.unixwiz.net/techtips/sql-injection.html</a><br /> <a href="http://sqlmap.org/" rel="nofollow">http://sqlmap.org/</a><br /> <a href="http://www.amazon.co.uk/Injection-Attacks-Defense-Justin-Clarke/dp/1597499633/ref=sr_1_1?ie=UTF8&amp;qid=1344699444&amp;sr=8-1" rel="nofollow">http://www.amazon.co.uk/Injection-Attacks-Defense-Justin-Clarke/dp/1597499633/ref=sr_1_1?ie=UTF8&#038;qid=1344699444&#038;sr=8-1</a><br /> <a href="https://www.owasp.org/index.php/Blind_SQL_Injection" rel="nofollow">https://www.owasp.org/index.php/Blind_SQL_Injection</a><br /> <a href="https://www.owasp.org/index.php/SQL_Injection" rel="nofollow">https://www.owasp.org/index.php/SQL_Injection</a></p> <p><strong>Storing Password</strong><br /> If we can, we want to try to identify how the passwords or credit cards are being stored in the database. The simplest way to do this is if the application has reset password you can use this and see if you get your password back in plain text. If you do get your passwords in plain text this means they are being stored in plain text or they are using an encryption that is easy to reverse. 
This is more common than you think it should be. In fact a major retailer in the UK has just admitted they are storing passwords in plain text.</p> <p><strong>Additional Resources:</strong><br /> <a href="http://www.gizmodo.co.uk/2012/07/pain-text-password-storage-but-one-of-tesco-onlines-possible-security-holes/" rel="nofollow">http://www.gizmodo.co.uk/2012/07/pain-text-password-storage-but-one-of-tesco-onlines-possible-security-holes/</a><br /> <a href="http://crackstation.net/hashing-security.htm" rel="nofollow">http://crackstation.net/hashing-security.htm</a></p> <p><strong>CLICK JACKING</strong><br /> I think every site I have tested is vulnerable to this attack method. The simplest way to explain this is overlaying a website on top of another website. This happens a lot on Facebook where users think they are clicking like but they are really clicking the box behind that is sending a message to all of your friends.</p> <p><strong>Additional Resources:</strong><br /> <a href="https://www.owasp.org/index.php/Clickjacking" rel="nofollow">https://www.owasp.org/index.php/Clickjacking</a><br /> <a href="http://www.contextis.com/research/tools/clickjacking-tool/" rel="nofollow">http://www.contextis.com/research/tools/clickjacking-tool/</a><br /> <a href="http://javascript.info/tutorial/clickjacking" rel="nofollow">http://javascript.info/tutorial/clickjacking</a></p> <p><strong>BRUTE FORCING</strong><br /> I have never really used brute forcing techniques when testing web applications. I always got told that if you need to brute force then you missed something. If I come across a login page I will maybe try a small amount of brute forcing like admin:admin, admin:password and administrator:sitename, but no more than say around ten attempts. 
I also want to see if I get locked out at all, to see if I can’t log in after a certain amount of times, as this would be an issue in some situations but most clients accept this as a small risk and don’t care about it.<br /> You can use tools like Burp Suite for brute forcing as well as Hydra; most browsers also have plugins that you can use to try and get access to the application.</p> <p><strong>Additional Resources:</strong><br /> <a href="http://www.thc.org/thc-hydra/" rel="nofollow">http://www.thc.org/thc-hydra/</a><br /> <a href="https://addons.mozilla.org/uk/firefox/addon/fireforce/" rel="nofollow">https://addons.mozilla.org/uk/firefox/addon/fireforce/</a></p> <p><strong>SSL </strong><br /> When testing a website we want to make sure that all sensitive data is sent using SSL. And it’s using a good cipher so anything above 128 would do. We also want to make sure that the certificate has not expired or there are any other issues with it.</p> <p><strong>Additional Resources:</strong><br /> <a href="http://sourceforge.net/projects/sslscan/" rel="nofollow">http://sourceforge.net/projects/sslscan/</a></p> <p><strong>FILE UPLOADS</strong><br /> Sites that allow file uploads sometimes do not use filtering on the file type; this means that you can upload picture.php that contains a PHP backdoor. You can then view this page by going to <a href="http://www.exmaplesite.com/picture.php" rel="nofollow">http://www.exmaplesite.com/picture.php</a>; from here, depending on your backdoor, you can run commands on the box like cat /etc/shadow. There are many web backdoors contained in BackTrack as well as a great site called pentestmonkey.co.uk. Another trick you can try is to rename the file, if the site has some sort of filtering in place, for example picture.jpg.php; this is because most scripts will search the line for a .jpg extension. 
It will say does this line contain a .jpg and the answer is yes so this would let you upload the file and bypass any filter, as if we tried to upload picture.php it would not find the .jpg and not allow us to upload the file.</p> <p><strong>CSRF Cross site request forgery</strong><br /> This is a bit of a tricky one to explain but let’s see if we can explain it as simply as possible. CSRF is when you are logged into one site for example Amazon and then you are using another website called evilhacker.com. You click a button on this site that you think will register you to the site and it does but at the same time it makes a request to Amazon on your behalf telling Amazon that you want to buy a book, using the one click buy feature. So what’s happened now is that you’re registered to evilhacker.com but you also bought a book that you are totally unaware of as it’s all happened in the background.</p> <p><strong>NESSUS</strong><br /> The last stage of the test that I like to run is Nessus; this just helps me to identify any other issues that I may have missed. Once this has been done I try and confirm any issues it has found before reporting them to the client.</p> <p><strong>CUSTOMER RECOMMENDATIONS</strong><br /> When we provide the report to the customer we want to make sure that all issues have a really good explanation on how to fix the problems. We also want to make some general recommendations, like making sure CMS are updated and you force the user to use strong passwords.</p> <p><strong>Other Attacks</strong><br /> There are lots of other attack vectors for applications including session fixation, local file includes, remote file includes and Ajax attacks to name a few. As this is not a step by step guide, if you want to learn more about these types of attack I would recommend the best book I think you can get on web applications, the Web Application Hacker’s Handbook. 
If you really interested in learning more about web apps, a course I really recommend is elearnsecurity and their labs on web applications. The people behind the book above also offer a web course but this cost around $7 per hour.</p> <p>Another really good resource is the OWASP web application security testing cheat sheet</p> <p><a href="https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet" rel="nofollow">https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet</a></p> <p>I hope people fine this useful feel free to add more if you think I have missed anything and would love to get any feedback.</p></blockquote> <p> This post has helped me more in 10 min than I have in weeks of reading tutorials on specific topics<br /> thanx</p> </div><!-- .bbp-reply-content --> </div><!-- .reply --> </li> </li><!-- .bbp-body --> </ul><!-- #topic-7813-replies --> </div> </div><!--end article-content--> </article> <!-- End Article --> </div><!--end wrap-content--> </div><!--end main-page-template--> <div class="sidebar sidebar-main col-sm-3 sidebar-left col-sm-pull-9"> <div class="inner-content widgets-container"> <div id="tribe-events-list-widget-2" class="widget tribe-events-list-widget"><h4 class="widget-title">Upcoming Events</h4> <ol class="tribe-list-widget"> <li 
class="tribe-events-list-widget-events type-tribe_events post-172528 tribe-clearfix tribe-events-category-irl tribe-events-category-us tribe-events-venue-169625"> <!-- Event Title --> <h4 class="tribe-event-title"> <a href="https://www.ethicalhacker.net/event/shmoocon-2020/" rel="bookmark">ShmooCon 2020</a> </h4> <!-- Event Time --> <div class="tribe-event-duration"> <span class="tribe-event-date-start">January 31, 2020</span> - <span class="tribe-event-date-end">February 2, 2020</span> </div> </li> <li class="tribe-events-list-widget-events type-tribe_events post-171864 tribe-clearfix tribe-events-category-irl tribe-events-category-us tribe-events-venue-171867"> <!-- Event Title --> <h4 class="tribe-event-title"> <a href="https://www.ethicalhacker.net/event/sevillage-orlando-2020/" rel="bookmark">SEVillage Orlando 2020</a> </h4> <!-- Event Time --> <div class="tribe-event-duration"> <span class="tribe-event-date-start">February 20, 2020</span> - <span class="tribe-event-date-end">February 22, 2020</span> </div> </li> <li class="tribe-events-list-widget-events type-tribe_events post-171848 tribe-clearfix tribe-events-category-irl tribe-events-category-us tribe-events-venue-124392"> <!-- Event Title --> <h4 class="tribe-event-title"> <a href="https://www.ethicalhacker.net/event/rsa-conference-2020/" rel="bookmark">RSA Conference 2020</a> </h4> <!-- Event Time --> <div class="tribe-event-duration"> <span class="tribe-event-date-start">February 24, 2020</span> - <span class="tribe-event-date-end">February 28, 2020</span> </div> </li> <li class="tribe-events-list-widget-events type-tribe_events post-171860 tribe-clearfix tribe-events-category-irl tribe-events-category-us tribe-events-venue-171863"> <!-- Event Title --> <h4 class="tribe-event-title"> <a href="https://www.ethicalhacker.net/event/kernelcon-2020/" rel="bookmark">Kernelcon 2020</a> </h4> <!-- Event Time --> <div class="tribe-event-duration"> <span class="tribe-event-date-start">March 25, 2020</span> - <span 
class="tribe-event-date-end">March 28, 2020</span> </div> </li> <li class="tribe-events-list-widget-events type-tribe_events post-171852 tribe-clearfix tribe-events-category-irl tribe-events-category-us tribe-events-venue-126743"> <!-- Event Title --> <h4 class="tribe-event-title"> <a href="https://www.ethicalhacker.net/event/infosec-world-2020/" rel="bookmark">InfoSec World 2020</a> </h4> <!-- Event Time --> <div class="tribe-event-duration"> <span class="tribe-event-date-start">March 30, 2020</span> - <span class="tribe-event-date-end">April 1, 2020</span> </div> </li> <li class="tribe-events-list-widget-events type-tribe_events post-171856 tribe-clearfix tribe-events-category-irl tribe-events-category-us tribe-events-venue-171859"> <!-- Event Title --> <h4 class="tribe-event-title"> <a href="https://www.ethicalhacker.net/event/nolacon-2020/" rel="bookmark">NolaCon 2020</a> </h4> <!-- Event Time --> <div class="tribe-event-duration"> <span class="tribe-event-date-start">May 15, 2020</span> - <span class="tribe-event-date-end">May 17, 2020</span> </div> </li> <li class="tribe-events-list-widget-events type-tribe_events post-171995 tribe-clearfix tribe-events-category-irl tribe-events-category-us tribe-events-venue-171998"> <!-- Event Title --> <h4 class="tribe-event-title"> <a href="https://www.ethicalhacker.net/event/blue-team-con-2020/" rel="bookmark">Blue Team Con 2020</a> </h4> <!-- Event Time --> <div class="tribe-event-duration"> <span class="tribe-event-date-start">June 20, 2020</span> - <span class="tribe-event-date-end">June 21, 2020</span> </div> </li> </ol><!-- .tribe-list-widget --> <p class="tribe-events-widget-link"> <a href="https://www.ethicalhacker.net/events/" rel="bookmark">View All Events</a> </p> </div><script type="application/ld+json"> [{"@context":"http://schema.org","@type":"Event","name":"Black Hat Europe 2019","description":"&lt;p&gt;Black Hat Europe 2019 Black Hat Europe 2019 provides attendees with the latest in research, development, 
and trends in Information Security. Here the brightest professionals and researchers in the industry come together for a total of four days. Trainings at Black Hat Europe 2019 Mon, Dec 2 - Thurs, Dec 5 Often designed exclusively for Black Hat, Trainings provide interactive [&hellip;]&lt;/p&gt;\\n","url":"https://www.ethicalhacker.net/event/black-hat-europe-2019/","startDate":"2019-12-02T00:00:00-06:00","endDate":"2019-12-05T23:59:59-06:00","location":{"@type":"Place","name":"ExCeL London","description":"","url":false,"address":{"@type":"PostalAddress","streetAddress":"One Western Gateway","addressLocality":"London","postalCode":"E16 1XL","addressCountry":"United Kingdom"},"telephone":"","sameAs":"https://www.excel.london/visitor"},"organizer":{"@type":"Person","name":"Black Hat","description":"","url":false,"telephone":"866 203 8081","email":"bl&#97;c&#107;h&#97;&#116;&#114;e&#103;&#105;&#115;tr&#97;ti&#111;n&#64;ub&#109;.&#99;&#111;m","sameAs":"https://www.blackhat.com/"},"offers":{"@type":"Offer","price":"1299","priceCurrency":"\u00a3","url":"https://www.ethicalhacker.net/event/black-hat-europe-2019/","category":"primary","availability":"inStock","validFrom":"2019-08-19T00:00:00+00:00"},"performer":"Organization"},{"@context":"http://schema.org","@type":"Event","name":"CactusCon 2019","description":"&lt;p&gt;Since 2012, we have aimed to provide a top-tier security conference for people who share a passion for information security. Join us at CactusCon 2019! Our Mission CactusCon is the largest annual hacker and security conference in Arizona and this year is expected to attract over 1,000 attendees from throughout the entire country. 
Over years, it has established a solid [&hellip;]&lt;/p&gt;\\n","url":"https://www.ethicalhacker.net/event/cactuscon-2019/","startDate":"2019-12-06T00:00:00-06:00","endDate":"2019-12-07T23:59:59-06:00","location":{"@type":"Place","name":"Mesa Convention Center","description":"","url":false,"address":{"@type":"PostalAddress","streetAddress":"263 N Center St","addressLocality":"Mesa","addressRegion":"AZ","postalCode":"85201","addressCountry":"United States"},"telephone":"","sameAs":""},"performer":"Organization"},{"@context":"http://schema.org","@type":"Event","name":"ShmooCon 2020","description":"&lt;p&gt;Tickets for ShmooCon 2020 will be sold on Nov 1, Dec 1, and Dec 13, 2019 at noon, Eastern Time. \u00a0These dates are subject to change so please keep an eye on our\u00a0news\u00a0page or follow us on\u00a0twitter\u00a0for updates.\u00a0Be warned, tickets sell out very quickly. \u00a0Last year tickets sold out in just over 17 seconds across the three rounds of sales. [&hellip;]&lt;/p&gt;\\n","url":"https://www.ethicalhacker.net/event/shmoocon-2020/","startDate":"2020-01-31T00:00:00-06:00","endDate":"2020-02-02T23:59:59-06:00","location":{"@type":"Place","name":"Washington Hilton Hotel","description":"","url":false,"address":{"@type":"PostalAddress","streetAddress":"1919 Connecticut Ave., NW","addressLocality":"Washington","addressRegion":"DC","postalCode":"20009","addressCountry":"United States"},"telephone":"1-202-483-3000","sameAs":"http://www3.hilton.com/en/hotels/district-of-columbia/washington-hilton-DCAWHHH/index.html"},"offers":{"@type":"Offer","price":"150","priceCurrency":"$","url":"https://www.ethicalhacker.net/event/shmoocon-2020/","category":"primary","availability":"inStock","validFrom":"2019-10-08T00:00:00+00:00"},"performer":"Organization"},{"@context":"http://schema.org","@type":"Event","name":"SEVillage Orlando 2020","description":"&lt;p&gt;SEVillage Orlando 2020 is the Professional Social Engineer\u2019s Training Conference. 
About SEVillage Orlando 2020 SEVillage Orlando 2020 is the next evolution within social engineering. Built on the foundation Social-Engineer.Org laid more than a decade ago to establish and formalize social engineering through education, the Social Engineering Framework, and the Social Engineering Code of Ethics, SEVillage expands upon the universe of [&hellip;]&lt;/p&gt;\\n","url":"https://www.ethicalhacker.net/event/sevillage-orlando-2020/","startDate":"2020-02-20T00:00:00-06:00","endDate":"2020-02-22T23:59:59-06:00","location":{"@type":"Place","name":"Hilton Orlando Buena Vista Palace","description":"","url":false,"address":{"@type":"PostalAddress","streetAddress":"1900 East Buena Vista Drive","addressLocality":"Orlando","addressRegion":"FL","postalCode":"32830","addressCountry":"United States"},"telephone":"","sameAs":""},"offers":{"@type":"Offer","price":"1299","priceCurrency":"$","url":"https://www.ethicalhacker.net/event/sevillage-orlando-2020/","category":"primary","availability":"inStock","validFrom":"2019-09-10T00:00:00+00:00"},"performer":"Organization"},{"@context":"http://schema.org","@type":"Event","name":"RSA Conference 2020","description":"&lt;p&gt;What is the most powerful tool to prevent cyberattacks? It\u2019s you. Your ideas, your connections, your creativity and your knowledge play a huge role in protecting the digital world. That\u2019s why the theme of RSA Conference 2020 is Human Element. 
RSA Conference 2020 is here to support you in your mission\u2014by bringing you together with thousands of your peers, by [&hellip;]&lt;/p&gt;\\n","url":"https://www.ethicalhacker.net/event/rsa-conference-2020/","startDate":"2020-02-24T00:00:00-06:00","endDate":"2020-02-28T23:59:59-06:00","location":{"@type":"Place","name":"Moscone Center","description":"","url":false,"address":{"@type":"PostalAddress","streetAddress":"747 Howard Street","addressLocality":"San Francisco","addressRegion":"CA","postalCode":"94103","addressCountry":"United States"},"telephone":"","sameAs":""},"performer":"Organization"},{"@context":"http://schema.org","@type":"Event","name":"Kernelcon 2020","description":"&lt;p&gt;Kernelcon 2020 theme is Vision. Our focus will revolve around both learning from hindsight and looking towards the future! Events at Kernelcon 2020 2 DAYS OF TRAINING 2 DAYS OF TALKS 2 Tracks 2 Keynotes Villages Competitions Training Courses Hands-on Classes About Kernelcon Kernelcon is the result of many motivated information security professionals who recognized the opportunity to create an [&hellip;]&lt;/p&gt;\\n","url":"https://www.ethicalhacker.net/event/kernelcon-2020/","startDate":"2020-03-25T00:00:00-05:00","endDate":"2020-03-28T23:59:59-05:00","location":{"@type":"Place","name":"Embassy Suites by Hilton Omaha Downtown Old Market","description":"","url":false,"address":{"@type":"PostalAddress","streetAddress":"555 South 10th Street","addressLocality":"Omaha","addressRegion":"NE","postalCode":"68102","addressCountry":"United States"},"telephone":"+1-402-346-9000","sameAs":""},"performer":"Organization"},{"@context":"http://schema.org","@type":"Event","name":"InfoSec World 2020","description":"&lt;p&gt;Join your peers and our experts at\u00a0InfoSec World 2020 Conference &amp; Expo on March 30 \u2013 April 1\u00a0to not only address the disruptive technologies and threats on the horizon, but to create a plan for managing the people, processes and tools for how your 
organizations react and cope with these intrusive circumstances. Is 2020 just a new decade of being [&hellip;]&lt;/p&gt;\\n","url":"https://www.ethicalhacker.net/event/infosec-world-2020/","startDate":"2020-03-30T00:00:00-05:00","endDate":"2020-04-01T23:59:59-05:00","location":{"@type":"Place","name":"Disney&#8217;s Contemporary Resort","description":"","url":false,"address":{"@type":"PostalAddress","streetAddress":"4600 North World Drive","addressLocality":"Lake Buena Vista","addressRegion":"FL","postalCode":"32830","addressCountry":"United States"},"telephone":"(407) 939-4686","sameAs":"https://disneyworld.disney.go.com/resorts/contemporary-resort/"},"performer":"Organization"},{"@context":"http://schema.org","@type":"Event","name":"NolaCon 2020","description":"&lt;p&gt;NolaCon is an Information Security/Hacker conference for professionals and enthusiasts alike located in New Orleans, offering training as well interesting and inventive talks and workshops. NolaCon 2020 will be our 7th year, we have moved to a new larger venue (only 1 block from the old hotel) and are looking forward to our best year yet! 
The talks will cover [&hellip;]&lt;/p&gt;\\n","url":"https://www.ethicalhacker.net/event/nolacon-2020/","startDate":"2020-05-15T00:00:00-05:00","endDate":"2020-05-17T23:59:59-05:00","location":{"@type":"Place","name":"Hyatt Centric &#8211; New Orleans","description":"","url":false,"address":{"@type":"PostalAddress","streetAddress":"800 Iberville St.","addressLocality":"New Orleans","addressRegion":"LA","postalCode":"70113","addressCountry":"United States"},"telephone":"","sameAs":"https://www.hyatt.com/en-US/group-booking/MSYRF/G-NOLA"},"offers":{"@type":"Offer","price":"99 \u2013 175","priceCurrency":"$","url":"https://www.ethicalhacker.net/event/nolacon-2020/","category":"primary","availability":"inStock","validFrom":"2019-09-10T00:00:00+00:00"},"performer":"Organization"},{"@context":"http://schema.org","@type":"Event","name":"Blue Team Con 2020","description":"&lt;p&gt;While traveling around the country to various conferences, through a mix of observation, participation, and attendance of many talks it became quite clear a gap within the information security industry currently exists. 
When it comes to these industry standard conferences and gatherings, the information sharing network for red team and offense research and activities was very mature while those for [&hellip;]&lt;/p&gt;\\n","url":"https://www.ethicalhacker.net/event/blue-team-con-2020/","startDate":"2020-06-20T00:00:00-05:00","endDate":"2020-06-21T23:59:59-05:00","location":{"@type":"Place","name":"Fairmont Chicago","description":"","url":false,"address":{"@type":"PostalAddress","streetAddress":"200 North Columbus Drive","addressLocality":"Chicago","addressRegion":"IL","postalCode":"60601","addressCountry":"United States"},"telephone":"","sameAs":"https://www.fairmont.com/chicago/"},"performer":"Organization"}] </script><div id="kleo_recent_posts-3" class="widget widget_kleo_recent_posts"><h4 class="widget-title">Recent Articles</h4> <div> <ul class='news-widget-wrap'> <li class="news-content"> <a class="news-link" href="https://www.ethicalhacker.net/eh-net-tv/eh-net-live/webinar-all-things-ctf/"> <span class="news-thumb"><img alt='' src='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99eed9-bpthumb.png' srcset='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99b2f6-bpfull.png 2x' class='avatar avatar-40 photo' height='40' width='40' /></span> <span class="news-headline">Webinar: All Things CTF! 
<small class="news-time">November 6, 2019</small></span> </a> </li> <li class="news-content"> <a class="news-link" href="https://www.ethicalhacker.net/eh-net-tv/eh-net-live/video-hacking-humans/"> <span class="news-thumb"><img alt='' src='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99eed9-bpthumb.png' srcset='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99b2f6-bpfull.png 2x' class='avatar avatar-40 photo' height='40' width='40' /></span> <span class="news-headline">Video: Hacking Humans <small class="news-time">November 5, 2019</small></span> </a> </li> <li class="news-content"> <a class="news-link" href="https://www.ethicalhacker.net/eh-net-tv/eh-net-live/webinar-hacking-humans/"> <span class="news-thumb"><img alt='' src='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99eed9-bpthumb.png' srcset='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99b2f6-bpfull.png 2x' class='avatar avatar-40 photo' height='40' width='40' /></span> <span class="news-headline">Webinar: Hacking Humans <small class="news-time">October 16, 2019</small></span> </a> </li> <li class="news-content"> <a class="news-link" href="https://www.ethicalhacker.net/features/root/wireless-pentesting-part-1-an-overview/"> <span class="news-thumb"><img alt='' src='https://www.ethicalhacker.net/wp-content/uploads/avatars/701/5c8984ffbbdb7-bpthumb.jpg' srcset='https://www.ethicalhacker.net/wp-content/uploads/avatars/701/5c8984ffba57f-bpfull.jpg 2x' class='avatar avatar-40 photo' height='40' width='40' /></span> <span class="news-headline">Wireless Pentesting Part 1 – An Overview <small class="news-time">October 2, 2019</small></span> </a> </li> <li class="news-content"> <a class="news-link" href="https://www.ethicalhacker.net/eh-net-tv/eh-net-live/video-wireshark-for-hackers/"> <span class="news-thumb"><img alt='' src='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99eed9-bpthumb.png' 
srcset='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99b2f6-bpfull.png 2x' class='avatar avatar-40 photo' height='40' width='40' /></span> <span class="news-headline">Video &#8211; Wireshark for Hackers <small class="news-time">September 17, 2019</small></span> </a> </li> <li class="news-content"> <a class="news-link" href="https://www.ethicalhacker.net/columns/chappell/top-10-uses-of-wireshark-for-hackers-part-ii/"> <span class="news-thumb"><img alt='' src='//www.gravatar.com/avatar/9b4bb3984350b45aee3eda5cc1c90d36?s=40&#038;r=pg&#038;d=mm' srcset='//www.gravatar.com/avatar/9b4bb3984350b45aee3eda5cc1c90d36?s=40&#038;r=pg&#038;d=mm 2x' class='avatar avatar-40 photo' height='40' width='40' /></span> <span class="news-headline">Top 10 Uses of Wireshark for Hackers Part II <small class="news-time">August 27, 2019</small></span> </a> </li> <li class="news-content"> <a class="news-link" href="https://www.ethicalhacker.net/eh-net-tv/eh-net-live/webinar-wireshark-for-hackers/"> <span class="news-thumb"><img alt='' src='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99eed9-bpthumb.png' srcset='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99b2f6-bpfull.png 2x' class='avatar avatar-40 photo' height='40' width='40' /></span> <span class="news-headline">Webinar: Wireshark for Hackers <small class="news-time">August 14, 2019</small></span> </a> </li> <li class="news-content"> <a class="news-link" href="https://www.ethicalhacker.net/eh-net-tv/eh-net-live/video-def-con-goons-badges-and-talks-inside-the-largest-hacker-con-in-the-world/"> <span class="news-thumb"><img alt='' src='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99eed9-bpthumb.png' srcset='https://www.ethicalhacker.net/wp-content/uploads/avatars/2753/5aab3cb99b2f6-bpfull.png 2x' class='avatar avatar-40 photo' height='40' width='40' /></span> <span class="news-headline">Video: DEF CON Goons, Badges and Talks – Inside the Largest 
Hacker Con in the World <small class="news-time">July 29, 2019</small></span> </a> </li> </ul> </div> </div><div id="tag_cloud-2" class="widget widget_tag_cloud"><h4 class="widget-title">Tags</h4><div class="tagcloud"><a href="https://www.ethicalhacker.net/tag/2018/" class="tag-cloud-link tag-link-145 tag-link-position-1" style="font-size: 19.75pt;" aria-label="2018 (52 items)">2018</a> <a href="https://www.ethicalhacker.net/tag/2019/" class="tag-cloud-link tag-link-467 tag-link-position-2" style="font-size: 20.375pt;" aria-label="2019 (58 items)">2019</a> <a href="https://www.ethicalhacker.net/tag/2020/" class="tag-cloud-link tag-link-805 tag-link-position-3" style="font-size: 9.5pt;" aria-label="2020 (7 items)">2020</a> <a href="https://www.ethicalhacker.net/tag/ai/" class="tag-cloud-link tag-link-564 tag-link-position-4" style="font-size: 8pt;" aria-label="AI (5 items)">AI</a> <a href="https://www.ethicalhacker.net/tag/book-review/" class="tag-cloud-link tag-link-76 tag-link-position-5" style="font-size: 15.25pt;" aria-label="book review (22 items)">book review</a> <a href="https://www.ethicalhacker.net/tag/bsides/" class="tag-cloud-link tag-link-226 tag-link-position-6" style="font-size: 9.5pt;" aria-label="bsides (7 items)">bsides</a> <a href="https://www.ethicalhacker.net/tag/bug-hunting/" class="tag-cloud-link tag-link-382 tag-link-position-7" style="font-size: 9.5pt;" aria-label="bug hunting (7 items)">bug hunting</a> <a href="https://www.ethicalhacker.net/tag/career/" class="tag-cloud-link tag-link-42 tag-link-position-8" style="font-size: 15.5pt;" aria-label="career (23 items)">career</a> <a href="https://www.ethicalhacker.net/tag/certification/" class="tag-cloud-link tag-link-102 tag-link-position-9" style="font-size: 10.125pt;" aria-label="certification (8 items)">certification</a> <a href="https://www.ethicalhacker.net/tag/community/" class="tag-cloud-link tag-link-169 tag-link-position-10" style="font-size: 10.125pt;" aria-label="community (8 
items)">community</a> <a href="https://www.ethicalhacker.net/tag/course-review/" class="tag-cloud-link tag-link-46 tag-link-position-11" style="font-size: 11.75pt;" aria-label="course review (11 items)">course review</a> <a href="https://www.ethicalhacker.net/tag/crypto/" class="tag-cloud-link tag-link-523 tag-link-position-12" style="font-size: 8.875pt;" aria-label="crypto (6 items)">crypto</a> <a href="https://www.ethicalhacker.net/tag/defcon/" class="tag-cloud-link tag-link-118 tag-link-position-13" style="font-size: 9.5pt;" aria-label="defcon (7 items)">defcon</a> <a href="https://www.ethicalhacker.net/tag/eh-net-live/" class="tag-cloud-link tag-link-239 tag-link-position-14" style="font-size: 17.375pt;" aria-label="eh-net live! (33 items)">eh-net live!</a> <a href="https://www.ethicalhacker.net/tag/europe/" class="tag-cloud-link tag-link-194 tag-link-position-15" style="font-size: 10.75pt;" aria-label="europe (9 items)">europe</a> <a href="https://www.ethicalhacker.net/tag/event/" class="tag-cloud-link tag-link-178 tag-link-position-16" style="font-size: 22pt;" aria-label="event (79 items)">event</a> <a href="https://www.ethicalhacker.net/tag/forensics-2/" class="tag-cloud-link tag-link-47 tag-link-position-17" style="font-size: 10.75pt;" aria-label="forensics (9 items)">forensics</a> <a href="https://www.ethicalhacker.net/tag/giveaways/" class="tag-cloud-link tag-link-92 tag-link-position-18" style="font-size: 13.25pt;" aria-label="giveaways (15 items)">giveaways</a> <a href="https://www.ethicalhacker.net/tag/hacking/" class="tag-cloud-link tag-link-37 tag-link-position-19" style="font-size: 14.5pt;" aria-label="hacking (19 items)">hacking</a> <a href="https://www.ethicalhacker.net/tag/hardware/" class="tag-cloud-link tag-link-121 tag-link-position-20" style="font-size: 9.5pt;" aria-label="hardware (7 items)">hardware</a> <a href="https://www.ethicalhacker.net/tag/highlight/" class="tag-cloud-link tag-link-137 tag-link-position-21" style="font-size: 19.75pt;" 
aria-label="highlight (51 items)">highlight</a> <a href="https://www.ethicalhacker.net/tag/incident-response/" class="tag-cloud-link tag-link-551 tag-link-position-22" style="font-size: 8pt;" aria-label="incident response (5 items)">incident response</a> <a href="https://www.ethicalhacker.net/tag/industry/" class="tag-cloud-link tag-link-464 tag-link-position-23" style="font-size: 8.875pt;" aria-label="industry (6 items)">industry</a> <a href="https://www.ethicalhacker.net/tag/infosec/" class="tag-cloud-link tag-link-400 tag-link-position-24" style="font-size: 12.625pt;" aria-label="infosec (13 items)">infosec</a> <a href="https://www.ethicalhacker.net/tag/interview/" class="tag-cloud-link tag-link-49 tag-link-position-25" style="font-size: 8pt;" aria-label="interview (5 items)">interview</a> <a href="https://www.ethicalhacker.net/tag/iot/" class="tag-cloud-link tag-link-322 tag-link-position-26" style="font-size: 9.5pt;" aria-label="iot (7 items)">iot</a> <a href="https://www.ethicalhacker.net/tag/kron/" class="tag-cloud-link tag-link-346 tag-link-position-27" style="font-size: 8.875pt;" aria-label="kron (6 items)">kron</a> <a href="https://www.ethicalhacker.net/tag/los/" class="tag-cloud-link tag-link-241 tag-link-position-28" style="font-size: 10.125pt;" aria-label="los (8 items)">los</a> <a href="https://www.ethicalhacker.net/tag/metasploit/" class="tag-cloud-link tag-link-57 tag-link-position-29" style="font-size: 10.125pt;" aria-label="metasploit (8 items)">metasploit</a> <a href="https://www.ethicalhacker.net/tag/mobile/" class="tag-cloud-link tag-link-86 tag-link-position-30" style="font-size: 8pt;" aria-label="mobile (5 items)">mobile</a> <a href="https://www.ethicalhacker.net/tag/opinion/" class="tag-cloud-link tag-link-91 tag-link-position-31" style="font-size: 10.75pt;" aria-label="opinion (9 items)">opinion</a> <a href="https://www.ethicalhacker.net/tag/pentest/" class="tag-cloud-link tag-link-50 tag-link-position-32" style="font-size: 16.375pt;" 
aria-label="pentest (27 items)">pentest</a></div> </div> </div> </div> </div> </div> </section> </div> </div> </body> </html>