Any security evaluation involves three components:

* Preparation: In this phase, a formal contract is signed between an ethical hacker and the authority of the organization that contains a non-disclosure clause as well as a legal clause to protect the ethical hacker against any prosecution that he may face during the conduct phase. The contract also outlines the infrastructure perimeter, evaluation activities, time schedules, and resources available to him.
* Conduct: In this phase, the evaluation technical report is prepared based on testing potential vulnerabilities.
* Conclusion: In this phase, the results of the evaluation are communicated to the organization and corrective advice/action, if needed, is taken.

Explore More

What is DNS hijacking?

DNS hijacking is the process of altering the name server records and redirecting the users to a bogus website. As everyone knows every domain name depends on its name server

Read More

CRLF Injection

CRLF Injection Overview CRLF Injection is typically used in HTTP Response Splitting. In the HTTP specification there is a spec stating that the HTTP header is to be split from

Read More

Complete MySQL Injection

Credit go to sam207 TABLE OF CONTENT: #INTRO #WHAT IS DATABASE? #WHAT IS SQL INJECTION? #BYPASSING LOGINS #ACCESSING SECRET DATA #Checking for vulnerability #Find the number of columns #Addressing vulnerable

Read More