you are browsing the Methodology category

Investigating uPNP with Python for fun and profit

Post author:jonathansblog
Post published:January 18, 2021
Post category:Development Kali Linux Methodology Pentest
Post comments:0 Comments

Investigating uPNP with python for fun and profit. SSDP is an interesting uPNP protocol - devices advertise their capabilities on the network and leak valuable information. SSDP is very similar…

Scrum Alliance Certified Scrum Master

Post author:jonathansblog
Post published:September 26, 2020
Post category:Methodology
Post comments:0 Comments

I've been training over the last 4 weeks for my Scrum Alliance Certified Scrum Master Certification. I took an online course, which was delivered over zoom in real time (as…

Defending Against Injection Attacks Through Context-Sensitive String Evaluation

Post author:jonathansblog
Post published:July 1, 2020
Post category:Methodology SQL Technology
Post comments:0 Comments

300 word summary for Defending Against Injection Attacks What is the paper about? Defending Against Injection Attacks Through Context-Sensitive String Evaluation introduces CSSE - Context-Sensitive String Evaluation - a way to…

Introduction to APIs

Post author:jonathansblog
Post published:June 24, 2020
Post category:Methodology Pentest
Post comments:0 Comments

What is an API (Introduction to APIs) Carrying on from my previous posts on SOA here and here I thought it may be useful to write a post on what…

AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks

Post author:jonathansblog
Post published:June 17, 2020
Post category:Methodology Pentest SQL
Post comments:0 Comments

300 word summary: AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks. Provides a valuable background section on the countermeasures for SQL injection attacks: Defensive ProgrammingGeneral Techniques against SQLiStatic Analysis techniques…

Evaluation of SQL injection testing tools and techniques

Post author:jonathansblog
Post published:June 14, 2020
Post category:Methodology SQL
Post comments:0 Comments

My MSc Thesis in 2016 was titled Evaluation of SQL injection testing tools and techniques. I had a quick look through all my old uni work looking for content to…

sql injection attack types – a list of sqli types and papers

Post author:jonathansblog
Post published:June 10, 2020
Post category:Methodology Pentest SQL
Post comments:0 Comments

My research notes about the different types of sqli - sql injection attack types; inband (eg reading errors from the screen) out-of-band (getting information from a different channel eg from…

Securing Web Application Code by Static Analysis and Runtime Protection

Post author:jonathansblog
Post published:June 3, 2020
Post category:Methodology
Post comments:0 Comments

What is the paper about? a holistic approach for a static analysis algorithm to detect sqli in web applications using run-time inspection Who is the intended audience? researchers Is title/abstract…

A Classification of SQL Injection Attacks and Countermeasures

Post author:jonathansblog
Post published:May 27, 2020
Post category:Methodology
Post comments:0 Comments

This paper (A Classification of SQL Injection Attacks and Countermeasures) has an excellent section on Injection mechanisms - the way that sql code is modified to actually perform the injection…