Predatech
  • Videos: 6
  • Views: 17,325
Strict Transport Security - HTTP Security Headers
In this video we look at the HTTP Strict Transport Security header which tells the browser to upgrade all HTTP requests to HTTPS and mitigates a range of Man-in-the-Middle Attacks.
Predatech:
Website - predatech.co.uk
Twitter - PredatechSec
Facebook - predatechsec
Linkedin - linkedin.com/company/predatech
Cyber Essentials/Cyber Essentials Plus Certification - predatech.co.uk/services/cyber-essentials-certification/
Penetration Testing - predatech.co.uk/services/web-application-penetration-testing/
Views: 291

Videos

Introduction - HTTP Security Headers
502 views, 1 year ago
In the first video in our HTTP Security Headers mini series, we introduce what security headers are available - including those that are deprecated and active, and give a brief synopsis of the major headers. Predatech: Website - predatech.co.uk Twitter - PredatechSec Facebook - predatechsec Linkedin - linkedin.com/company/predatech Cyber Essentials/Cyber Essentials Plus...
Building Secure Web Applications - A Practical Introduction for Developers
304 views, 2 years ago
In this introduction to secure application development we explore how you can add security to each stage of your software development life cycle and we discuss the resources available that can help you add structure to your security program. Good web application security practices are critical to reducing the overall risk posed to your application and implementing a structured program will allo...
An Introduction to the OWASP Top 10 (Web Application Security Risks)
9K views, 3 years ago
In this video we'll be taking a look at OWASP and the OWASP Top 10, providing a basic introduction into what the OWASP Top 10 is and briefly exploring each of the Top 10 in more detail. Please see the links below if you'd like to learn more about OWASP and the OWASP Top 10: owasp.org owasp.org/www-project-top-ten/ Please get in touch if you'd like to learn more about how Predatech can help you ...
Bypassing Brute-Force Protection (Authentication) | Web Application Pentesting Guide
7K views, 3 years ago
In this module we look at some of the common authentication brute-force protection mechanisms used by modern web applications and how a penetration tester might bypass these controls. We demonstrate some basic techniques attackers and penetration testers may use to get around mechanisms such as account lockout, IP address lockout and rate limiting using PortSwigger's labs and Burp Suite Profess...
What is Penetration Testing? - A Guide for Businesses
318 views, 3 years ago
A detailed guide for businesses that explores what penetration testing is, the typical approach and why penetration testing can be super beneficial in helping you improve your security posture. Feel free to contact us at info@predatech.co.uk if you're a business and want to know more about how penetration testing can benefit you. Facebook: predatechsec Twitter: Predatec...

Comments

  • @doshamitv5020 10 months ago

    The counter reset, I think it's possible to do it with only one user, not many users, right?

  • @capixolucius4452 1 year ago

    Great video for learning. But is there any way to bypass FTP brute force protection when using the FTP brute force tools like hydra or ncrack?

  • @Cossaw 1 year ago

    Nice stuff. Liked and subbed!

  • @FLUFFCHIRP 1 year ago

    Thanks, man. Cheers.

  • @shibbyshaggy 2 years ago

    What do you do when the login page is not reporting any variables like "username" or "password" and Burp Suite doesn't see it?

    • @predatech 2 years ago

      The first step would be to identify the parameters that are used to authenticate to the application (once the POST request is made). Usually they will be along the lines of 'user' and 'pass', but you will need to enter some placeholder credentials and see which parameters they show up in. It's also common for applications to have the user authenticate by non-traditional means, such as a 'magic link' that is emailed to the user to allow them to log in instead, so it's all about understanding the authentication flow and following it through with Burp Suite. Hopefully this helps :)

    • @stela-x9f 5 months ago

      How can I remove 2 factor authenticator to my email that I cannot open because of this 2 factor authenticator?

  • @ahmada.a3215 2 years ago

    Thank you.. the video was very useful