penetration-testing Questions

2

I have installed Nikto on Ubuntu 12.04. When I am trying to scan targets over SSL, it is saying no SSL support. Please help me configure Nikto. On the Nikto website the line below is written, but not explai...
Ianteen asked 5/6, 2013 at 8:57

8

Solved

I am doing some penetration testing on my localhost with OWASP ZAP, and it keeps reporting this message: The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff' This ch...
Sacker asked 20/8, 2013 at 14:27

2

Where can I get Flutter App security documentation or best practice? I am nearly ready to publish my app. I use online (free version) https://www.ostorlab.co/report/ and check the security of my a...
Disharmonious asked 11/7, 2018 at 5:24

3

How to pass authentication details to the ZAP tool to scan the website. Please help me to solve the problem.
Septima asked 20/7, 2015 at 12:22

2

Solved

I have a website on which I let the user edit the frontend of the website. The user only has access to an editor, not to the server it's hosted on. The user asked me to also allow JavaScript. Th...
Scurrility asked 27/9, 2018 at 17:3

1

I was looking for a way to enable stack canaries for my iOS application in Swift, but then I found that in recent versions of Xcode the flag required to enable stack canaries is enabled by default...
Denigrate asked 4/9, 2017 at 18:45

5

Solved

I need to remove excessive headers (primarily to pass penetration testing). I have spent time looking at solutions that involve running UrlScan, but these are cumbersome as UrlScan needs to be inst...
Muscatel asked 9/10, 2012 at 16:1

1

Solved

A recent whitehat scan made me aware of SQL Server's best fit unicode transformations. This means that when a string containing unicode characters is converted to a non-unicode string, SQL Server w...
Pullet asked 21/9, 2015 at 22:52

2

Solved

I would like to test our web application with the Wapiti scanner. In my scenario, I am assuming the attacker would be an authenticated user. How do I configure Wapiti to use a specific username and...
Whip asked 7/4, 2011 at 16:38

2

Solved

I have been performing some XSS / JavaScript-injection / penetration-testing on my ASP.NET site recently and noticed that modern web browsers (i.e. latest FF and Chrome) are escaping the URLs entered ...
Impossibility asked 9/9, 2014 at 12:1

1

Solved

To put this briefly I am testing a Google drive form that will record votes for a school election to ensure that it is secure. Is there a way to open a form from the shared URL and list/input dat...

2

Solved

I am trying to understand how SQLmap works. For example, sqlmap finds injection on my site - Place: GET Parameter: selected Type: UNION query Title: MySQL UNION query (NULL) - 5 columns Payloa...
Sokoto asked 11/8, 2012 at 14:2

1

I've been trying to break this up for a few hours now but with no success... I am pretty desperate now :( I am doing penetration testing for a company and I need to bypass this frame killer JS: &...
Joella asked 19/2, 2012 at 13:35

3

Solved

Over the years I have had a few of the websites I have developed submitted for penetration testing by clients. Most of the time the issues that are highlighted when the results return relate to the...
Insentient asked 8/11, 2010 at 9:14

1

Solved

Question ASP and ASP.NET web applications use a value called VIEWSTATE in forms. From what I understand, this is used to persist some kind of state on the client between requests to the web server...
Unclinch asked 18/6, 2012 at 20:9

4

Solved

I am trying to perform a buffer overflow attack on a program for a class assignment. Both the attack program and the vulnerable program are written by me. The vulnerable code uses scanf to...
Jocundity asked 27/7, 2011 at 15:48

12

Solved

First of all, I want to avoid a flame-war on languages. The languages to choose from are Perl, Python and Ruby. I want to mention that I'm comfortable with all of them, but the problem is th...
Mousse asked 16/9, 2008 at 20:11

3

I am planning to check my website against all common security vulnerabilities like cross-site scripting, SQL injection etc. Can somebody tell me is there any automated tool which I can run fo...
Geodesic asked 12/8, 2010 at 17:36