  • How to protect your Hard Disk Drive from sudden failure

    Hard drive failures can be a pain as, more often than not, data is always lost in the process. I have had some hard drives carelessly fail without notice, thus losing data in the range of 1 TB (1 terabyte). As frustrating as it was then, it could actually have been avoided if I was smart enough…

  • Five (5) API security testing tools you need to know.

    There are several tools that have been used to assess API security. Depending on each organization’s needs, a certain tool can be the ideal option for one but not the other. Although the majority of these API security testing tools have free trials or versions, enterprise users will probably need to purchase licences or explore…

  • Virtual Private Database: A practical approach: Column Level VPD

    In my previous post, we did a practical on how to perform row-level restriction using VPD policies. This practical will focus on column-level restriction. As said earlier, we will be using the HR sample schema. In this tutorial, we are going to secure some columns in the HR table…

  • Virtual Private Database: A practical approach

    In our previous post, we learnt what the Oracle Virtual Database was all about. If you haven’t read it, click here. Without wasting much of your time, let’s get busy with our practicals. What is needed: a working Oracle database (10g and above); the HR sample schema; a SQL work environment (SQL Navigator, Toad, etc.). Today’s tutorial will look at the following types…

  • Microsoft SQL Server Security check

    SQL Server, owned by Microsoft, is one of the leading data platforms used as a production database to store very sensitive data. We should all know by now that data is an organization’s most valuable asset. This makes it a necessity to efficiently secure the SQL Server database. This quick post will highlight some important back-end…

  • Exploiting the vulnerabilities in Oracle EBS user passwords with tips on how to protect against such exploits

    A very nice reader asked if I could make a detailed post on how Oracle EBS user passwords can be hacked and extracted. This is a high risk and additionally a serious flaw on an Oracle EBS solution. Thus I decided to oblige and make the post. It is planned to be as easy to read as possible. Enjoy. Also…

  • Oracle Database Native Auditing Features

    Preventing attacks on the database is the only approach to securing the database. Detecting potential attacks is just as important; after all, the best security in the world is not going to stop every attacker. This is where the advantage of auditing comes into play. Auditing allows us to monitor the environment and identify potential…

  • Understanding ARP Poisoning: A practical approach

    ARP poisoning, also known as ARP spoofing, is an attack on the network which allows the attacker to intercept network communication between the target computer and the network. This concept is called a man-in-the-middle attack, and it makes it easy to steal sensitive data like usernames and passwords, bank data, etc. The man-in-the-middle attack…

  • NoSQL: A summary of what it entails

    NoSQL is a database management system that provides a means of storing and retrieving data. It uses an approach which is completely different from the tabular relations used in the relational databases that we are more used to. In this post I will summarize a quick understanding of what NoSQL is, with its advantages/disadvantages and uses. There are three (3) common types…

  • 11 Steps on how HTTPS Secure connection Handshake is established

    Every HTTPS connection begins with what is called a handshake, which is the negotiation between a client and server detailing and agreeing on how they will communicate. The handshake determines the following: what cipher suite is to be used to encrypt the communications, server verification by the client, and client verification by the server. Let’s now go through the 11 steps…

  • Beware!! SIM card cloning is possible: A simple but technical explanation

    Mobile phones have transcended from just making calls to being used as a private vault. Nowadays mobile phones are used to store extremely sensitive data including authentication to corporate and personal emails and most especially banking credentials. A high proportion of bank customers now have mobile phone numbers linked with their bank accounts due to…

  • SSLSCAN: Detecting security protocols in use on a server

    SSLscan is another type of port scanner similar to NMAP. However, its objective is to scan SSL ports to determine what security protocols or ciphers are supported and/or preferred. In this blog post we will be looking at how to access and use SSLscan. It is very useful when it comes to testing security protocols accepted…

  • How to extract WIFI passwords through Windows Command Prompt

    Have you ever experienced the situation where you wanted to utilise wifi configured to connect to one machine in an entirely new machine, but couldn’t remember the wifi password? In today’s post we will be looking at how we can extract wifi passwords via command prompt. To get this done, a utility called Netsh will be used. According…

  • Checking for windows update from Command Prompt

    For security reasons, it is important to ensure that your system is properly secured by ensuring it has the necessary security updates/patches required. This post will focus on how to identify the status of your patch update. It will be done through the command line. A patch is a set of changes to a computer program…

  • Breaking down Adware

    What is adware? Are all online adverts adware? There is nothing more annoying than seeing unwanted advertisement pop-ups while watching your favourite show or playing a game online, either on your computer or your laptop. Adverts ranging from how to be a millionaire in seven days, to how to burn belly fat overnight, and a lot…

  • How to use YASCA static code analysis tool

    Yasca, which is an acronym for “Yet Another Source Code Analyzer”, is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It leverages external open-source programs, such as FindBugs, PMD, JLint, JavaScript Lint, PHPLint, Cppcheck, ClamAV, Pixy, and RATS to scan specific file types.…

  • Static Code Analysis. An Introduction

    Static code analysis is a method in computer program debugging that is done by examining the code without actually executing the program. The process provides an understanding of the code structure and can help to ensure that the code adheres to laid down standards. Automated tools can assist programmers, developers and auditors in carrying out…

  • Introduction to Oracle Virtual Private Database

    Oracle Virtual Private Database (VPD) enables you to create security policies or group policies to control database access at the row and column level. It allows multiple users to access a single schema while preventing them from accessing data which is not relevant to them. VPD uses Fine-Grained Access Control to limit the visibility of the data to…

  • How to use Mozilla Firefox browser as a penetration testing tool with these add-ons

    Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation. It is a very powerful browser with an impressive variety of plugins. A plugin is a piece of software that acts as an add-on to a web browser and gives the browser additional functionality.

  • Brute-forcing passwords on Microsoft SQL Server to test for weakness

    SQL Server is a relational database solution created by Microsoft. It utilises several types of login to gain access to the database, namely: Windows authentication, which is the default and is often referred to as integrated security because the SQL Server security model is tightly integrated with Windows. In this type of authentication, Windows users who have…

  • Google Dorks: The ultimate query engine

    A Google Dork, also known as Google Dorking or Google hacking, is an advanced technique to retrieve or obtain information from Google. It is mostly used to find vulnerable targets and sensitive data using advanced search queries. It is a valuable resource for security researchers. Google is known as a search engine used to find…

  • VLAN: A basic understanding

    VLAN stands for Virtual Local Area Network. This is a local area network where the computers, servers and other network devices are LOGICALLY connected regardless of their physical location.

  • Data State Security in four minutes

    A data state is described as one of the different conditions of data while being utilized in a computing environment. The term is especially used in information security. In this post, you will learn the various states data can be in. As an added bonus, you will also learn the various ways we can protect this data in each individual state.…

  • Oracle Database Security and Audit

    Oracle database security and audit is important because Oracle’s DB is the most widely used database by most if not all organizations worldwide, from keeping records of customer data in banks, hospitals, etc., and subscriber data and call logs by telecommunication companies, to as big as keeping the entire identity record of citizens of a nation. Because…

  • Securing Active Directory Environments – Risk Concern

    This post describes in detail the most common practices in securing any Active Directory deployment in enterprise environments.

  • A Journey to Auditing Virtualization

    Virtualization is the process of creating a virtual representation of an entity, such as virtual applications, servers, storage and networks. It is the single most effective way to reduce technology expenses by reducing hardware footprint while boosting efficiency and agility for businesses of all sizes. However, good as it is, virtualization can create a single point…

Journey of Ziri
