Jānis Valters
Ethical Penetration tester / DevSecOps / IT Solution Developer / System administrator
SQL injection UNION attacks
When an application is vulnerable to SQL injection and the results of the query are returned within the application’s responses, the UNION keyword can be used to retrieve data from other tables within the database. This results in an SQL injection UNION attack. The UNION keyword lets you execute one or more additional SELECT queries and append the results to the…
SQL injection
In this section, we’ll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection. What is SQL injection (SQLi)? SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an…
Cross-site WebSocket hijacking
In this section, we’ll explain cross-site WebSocket hijacking (CSWSH), describes the impact of a compromise, and spell out how to perform a cross-site WebSocket hijacking attack. What is cross-site WebSocket hijacking? Cross-site WebSocket hijacking (also known as cross-origin WebSocket hijacking) involves a cross-site request forgery(CSRF) vulnerability on a WebSocket handshake. It arises when the WebSocket handshake request…
What are WebSockets
WebSockets is a bi-directional, full-duplex communications protocol initiated over HTTP. They are commonly used in modern web applications for streaming data and other asynchronous traffic. In this section, we’ll explain the difference between HTTP and WebSockets, describe how WebSocket connections are established, and outline what WebSocket messages look like. What is the difference between HTTP and…
Testing for WebSockets security vulnerabilities
In this section, I’l explain how to manipulate WebSocket messages and connections, describe the kinds of security vulnerabilities that can arise with WebSockets, and give some examples of exploiting WebSockets vulnerabilities. WebSockets WebSockets are widely used in modern web applications. They are initiated over HTTP and provide long-lived connections with asynchronous communication in both directions….
How to install Docker and Docker Compose on Ubuntu 20.04 using Ansible
In this tutorial ( how-to ) I will show you an easy way to install Docker and Docker Compose on a Ubuntu server 20.04 LTS using the well-known DevOps tool Ansible. How this is a basic setup. 1 Requirements To start you would need Ansible, now Ansible you can install on any Linux distributor and…
How to Enable SSH on Kali Linux
By default, Kali Linux doesn’t have SSH enabled since it is more used as a desktop version. But for example, if you have a static IP or VPN to your internal network and would like to access your Kali Linux on what you have needed documents, scripts, or installed services that are needed for Penetration…
How to configure SoftEther VPN on Ubuntu 20.0 LTS
Now if you have read my previous post on “How to Setup SoftEther VPN on Ubuntu 20.0 LTS” and have installed SoftEther VPN, then in this post you will find information How to configure SoftEther VPN. So, let’s get started. Open your Terminal and login to your server with root user or by becoming root…
How to Setup SoftEther VPN on Ubuntu 20.0 LTS
With all the COVID-19 pandemic data thieves have become more active in stealing data and also many companies would like to know more about you or what you do by adding a tracer to Smartphone/Pad applications. Of course, some people have nothing to hide, but it is more a question of principle do you want…
How to install Zabbix Server 5.0 LTS on Ubuntu 20.0 LTS
Today there was planned to come out a tutorial about how to setup self-hosted VPN on Linux Machine, that supports many protocols, but I didn’t finish the second part that also is needed, the VPN configuration part, and therefore since I was needed to install Zabbix on few servers, I created this tutorial that was…