JWT security test cases

 


Comments

Post a Comment

Popular posts from this blog

Image
Securing AI: Safeguarding the Future of Intelligent Systems Featured Image: Unsplash Artificial Intelligence (AI) is revolutionizing industries, from healthcare to finance, by enabling automation, personalization, and data-driven decision-making. However, as AI systems grow more pervasive, their security vulnerabilities are becoming a critical concern. 📊 Quick Stat : By 2025, 30% of enterprises will prioritize AI-specific security tools to combat adversarial attacks ( Gartner ). Why AI Security Matters Source: Getty Images AI systems are not just code; they’re dynamic entities trained on vast datasets. Their security is critical because: High Stakes : AI powers autonomous vehicles, medical diagnostics, and critical inf...
Read more

Simulating SYN Flooding Attack(DOS)

Image
  Basic 3 way TCP Handshake: State during Sync flooding attack   Example of DDOS attack with hping3  and kali linux: Note:  In this case both attacker’s system and victim server are in same network . Step#1: Victim server: 192.168.1.100 Step#2: Attacker’s system: 192.168.1.102 Step#3: Install hping3 in kali using below command # sudo apt-get install hping3 Step#4: Now, attacker will use hping3 or another tool to spoof IP random addresses, The using below command start and direct the SYN flood attack to our target (192.168.1.100): # hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.1.100 Now SYN flooding attack has started. Let’s explain in detail the above command: -c 150000 : Indicates that we are sending 15000 packets -d 120 : Indicates each packet is of 120 bytes -S : Specifying SYN flag should be enabled. -w 64: Indicates TCP window size of 64 -p 80: Specifying port to attack victims webserver at port 80 --rand-source: Used to generate...
Read more

Drozer - A Framework for Android Application Security Assessment.

Image
1.             Introduction 1.1   This document explains how to get started with Drozer, and how to use it to perform a security assessment of an android application. 1.1.      Drozer Drozer is a python based comprehensive security audit and attack framework for Android. It is an open-source framework, used for android pen-testing. It works like a client-server model and makes use of Android’s Inter-Process Communication (IPC) mechanism to interact with the underlying operating system of the device. IPC is a mechanism by which different components of android like intents and data binders communicate with each other so that the communication is established between the apps present in the android device. Drozer helps to remotely exploit android devices with predefined and custom modules that exploit known vulnerabilities. 1.2.      Conventions used Throughout this docu...
Read more