Published on: April 25, 2020 10:00 pm | Comments: none | Tags: dkim, dmarc, email, spf, spoofing
This document describes email spoofing phenomenon on how, when and why it works. That, by explaining how email sending/receiving protocols work, through using analogies with the postal mailing service. Using the same analogy, three well known email protection mechanisms are described. The SPF, DKIM and DMARC email authentication protocols are explained on their functional level. Additionally, their vulnerabilities are described, and the ways an attacker can exploit them. In the end, it is concluded that using all three together is the best solution for now against email spoofing and securing your email domain.
Published on: August 27, 2017 9:31 pm | Comments: none | Tags: Authenticity, Confidentiality, Cryptography, Digital Certificates, Digital Signatures, Non-Repudiation, Public-Key
Assuming that you already have knowledge on overall cryptography systems & terminology (encrypt, decrypt, cipher, hash etc.). The intention of this post is just to clarify the main concepts of Public-Key Cryptography. Mainly this post describes the following concepts: Confidentiality, Authenticity, Non-Repudiation, Digital Signatures, Digital Certificates
Published on: September 20, 2016 3:11 am | Comments: none | Tags: antisamy, code, countermeasures, HTTP Headers, injection, ModSecurity, OWASP, Prepared Statements, prevention, sql, Web Application Frameworks, xss
Code Injection is the most common vulnerability in Applications. Here we will discuss the ways of how we can prevent that from happening. We will show different techniques and discuss and their advantages and disadvantages.
Published on: August 3, 2016 10:30 am | Comments: none | Tags: code, cross-site, Department of Defense, details, examples, injection, Pentagon, scripting, xss
Published on: July 12, 2016 10:30 am | Comments: none | Tags: blind, compounded, dbms, details, example, examples, explained, injection, specific, sql
SQL Injection is a type of code injection attack that takes place in data-driven applications via SQL statements. This is a case when applications carelessly fully trust the user input. This post explain in details how this attack works and how to exploit it.