Fortifying Our Application: Preparing Against the OWASP Top 10

The OWASP Top 10 is a widely recognized list of the most critical security risks for web applications. It is updated every few years based on data analysis and community feedback. The latest version, released in 2021, introduces some new categories and changes some existing ones to reflect the current threat landscape.

As developers, we should be aware of these risks and take steps to prevent them in our applications. In this blog post, we will briefly review each of the OWASP Top 10 categories and provide some best practices and resources to help us secure our code.


Automating web services using Ansible

Web services are applications that run on the internet and provide functionality to other applications or users. They can be complex and require a lot of configuration and maintenance. Ansible is a tool that helps us automate the deployment and management of web services. It allows us to write simple and declarative scripts that describe the desired state of our web services, and then execute them on multiple servers. Ansible also handles the dependencies, errors, and changes that may occur during the automation process. By using Ansible, we can save time, reduce errors, and ensure consistency and reliability of our web services.


Penetration Testing the OWASP Juice Shop: Exploring SQL Injection with Burp Suite

Welcome to the first installment of our restarted blog series, where we dive into the fascinating world of penetration testing. This series focuses on the OWASP Juice Shop application: we will explore various vulnerabilities within the Juice Shop and demonstrate how to exploit them to enhance your security testing skills. Today, we begin with one of the most common and dangerous web application vulnerabilities: SQL injection.


How to brute force a web application password with Burp Suite? Basic dictionary attack in practice!

With Burp Suite we can launch dictionary attacks against a website. In this simulated attack we will brute force the login form of the Juice Shop web application. We already know the email address of an admin user, so all that remains is to find the right password.

Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!


How to break in web applications using Burp Suite? Real web hacking in practice as a Penetration Tester!

The OWASP Top 10 is a standard awareness document that lists the most common weaknesses of modern web applications. Burp Suite, used alongside the browser's developer tools, will support our application security testing. We will break into the OWASP Juice Shop, the most modern and sophisticated insecure web shop.

Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!
