#Enroll
Basics of Cloud Computing
Learn the Basics of Cloud Computing right from the Service Models to The Future of Cloud Computing in Detail.
https://www.udemy.com/course/basics-of-cloud-computing/?couponCode=D09349981999B0149135
#share & #supportus
-------------> @geekcode π
Share as more as π€©
Basics of Cloud Computing
Learn the Basics of Cloud Computing right from the Service Models to The Future of Cloud Computing in Detail.
https://www.udemy.com/course/basics-of-cloud-computing/?couponCode=D09349981999B0149135
#share & #supportus
-------------> @geekcode π
Share as more as π€©
Udemy
Basics of Cloud Computing
Learn the Basics of Cloud Computing right from the Service Models to The Future of Cloud Computing in Detail.
π’TERMUX ADVANCE GUIDEπ’
π°Ultimate Guide To Ethical Hacking With Termuxπ°
LINKπ
https://play.google.com/store/apps/details?id=com.androidexample.termux
#share & #supportus
-------------> @geekcode π
Share as more as π€©
π°Ultimate Guide To Ethical Hacking With Termuxπ°
LINKπ
https://play.google.com/store/apps/details?id=com.androidexample.termux
#share & #supportus
-------------> @geekcode π
Share as more as π€©
IP Addressing and Subnetting - Zero to Hero
Go from zero to advanced in IP addressing in a single course!
https://www.udemy.com/course/ip-addressing-zero-to-hero/?couponCode=HAPPY2021
#share & #supportus
-------------> @geekcode π
Share as more as π€©
Go from zero to advanced in IP addressing in a single course!
https://www.udemy.com/course/ip-addressing-zero-to-hero/?couponCode=HAPPY2021
#share & #supportus
-------------> @geekcode π
Share as more as π€©
Udemy
IP Addressing and Subnetting - Zero to Hero
Go from zero to advanced in IP addressing in a single course!
π΅ Injection Attack
ββββββββββββββ
β³οΈ A code injection happens when an attacker sends invalid data to the web application with the intention to make it do something that the application was not designed/programmed to do.
β³οΈ In simple words, an injection attack is one in which databases and other systems are vulnerable to such an extent that an attacker can inject malicious or untrusted data into the system. This occurs when untrusted data is sent to an interpreter as part of a command or query. Basically, the attacker's data tricks the interpreter into executing commands without adequate authorization.
β³οΈ the most common example around this security vulnerability is the SQL query consuming untrusted data. You can see one of OWASPβs examples below:
String query = βSELECT * FROM accounts WHERE custID = ββ + request.getParameter(βidβ) + βββ;
β³οΈ This query can be exploited by calling up the web page executing it with the following URL: http://example.com/app/accountView?id=β or β1β=β1 causing the return of all the rows stored on the database table.
(I will explain more about this queries and working of sql injection later)
β³οΈ The core of a code injection vulnerability is the lack of validation and sanitization of the data used by the web application, which means that this vulnerability can be present on almost any type of technology.
β³οΈ Anything that accepts parameters as input can potentially be vulnerable to a code injection attack.
#share & #supportus
-------------> @geekcode π
Share as more as π€©
ββββββββββββββ
β³οΈ A code injection happens when an attacker sends invalid data to the web application with the intention to make it do something that the application was not designed/programmed to do.
β³οΈ In simple words, an injection attack is one in which databases and other systems are vulnerable to such an extent that an attacker can inject malicious or untrusted data into the system. This occurs when untrusted data is sent to an interpreter as part of a command or query. Basically, the attacker's data tricks the interpreter into executing commands without adequate authorization.
β³οΈ the most common example around this security vulnerability is the SQL query consuming untrusted data. You can see one of OWASPβs examples below:
String query = βSELECT * FROM accounts WHERE custID = ββ + request.getParameter(βidβ) + βββ;
β³οΈ This query can be exploited by calling up the web page executing it with the following URL: http://example.com/app/accountView?id=β or β1β=β1 causing the return of all the rows stored on the database table.
(I will explain more about this queries and working of sql injection later)
β³οΈ The core of a code injection vulnerability is the lack of validation and sanitization of the data used by the web application, which means that this vulnerability can be present on almost any type of technology.
β³οΈ Anything that accepts parameters as input can potentially be vulnerable to a code injection attack.
#share & #supportus
-------------> @geekcode π
Share as more as π€©
π΄ some of the Types of Injections
ββββββββββββββ
β Depending on the type of database system, the programming language and other factors, there can be many different types of injections:
πΉ Code Injection
πΉ CRLF Injection
πΉ OS Command Injection
πΉ XSS
πΉ Email Header Injection
πΉ SQL Injection
Etc..
#share & #supportus
-------------> @geekcode π
Share as more as π€©
ββββββββββββββ
β Depending on the type of database system, the programming language and other factors, there can be many different types of injections:
πΉ Code Injection
πΉ CRLF Injection
πΉ OS Command Injection
πΉ XSS
πΉ Email Header Injection
πΉ SQL Injection
Etc..
#share & #supportus
-------------> @geekcode π
Share as more as π€©
π΅ How do you prevent code injection vulnerabilities?
β Preventing code injection vulnerabilities really depends on the technology you are using on your website. For example, if you use WordPress, you could minimize code injection vulnerabilities by keeping it to a minimum of plugin and themes installed.
πΉ If you have a tailored web application and a dedicated team of developers, you need to make sure to have security requirements your developers can follow when designing and writing software. This will allow them to keep thinking about security during the lifecycle of the project.
β οΈ Here are OWASPβs technical recommendations to prevent SQL injections:
π Preventing SQL injections requires keeping data separate from commands and queries.
πΉThe preferred option is to use a safe API, which avoids the use of the interpreter entirely or provides a parameterized interface or migrate to use Object Relational Mapping Tools (ORMs). Note: Even when parameterized, stored procedures can still introduce SQL injection if PL/SQL or T-SQL concatenates queries and data, or executes hostile data with EXECUTE IMMEDIATE or exec().
πΉ Use positive or βwhitelistβ server-side input validation. This is not a complete defense as many applications require special characters, such as text areas or APIs for mobile applications.
πΉ For any residual dynamic queries, escape special characters using the specific escape syntax for that interpreter. Note: SQL structure such as table names, column names, and so on cannot be escaped, and thus user-supplied structure names are dangerous. This is a common issue in report-writing software.
πΉ Use LIMIT and other SQL controls within queries to prevent mass disclosure of records in case of SQL injection.
#share & #supportus
-------------> @geekcode π
Share as more as π€©
β Preventing code injection vulnerabilities really depends on the technology you are using on your website. For example, if you use WordPress, you could minimize code injection vulnerabilities by keeping it to a minimum of plugin and themes installed.
πΉ If you have a tailored web application and a dedicated team of developers, you need to make sure to have security requirements your developers can follow when designing and writing software. This will allow them to keep thinking about security during the lifecycle of the project.
β οΈ Here are OWASPβs technical recommendations to prevent SQL injections:
π Preventing SQL injections requires keeping data separate from commands and queries.
πΉThe preferred option is to use a safe API, which avoids the use of the interpreter entirely or provides a parameterized interface or migrate to use Object Relational Mapping Tools (ORMs). Note: Even when parameterized, stored procedures can still introduce SQL injection if PL/SQL or T-SQL concatenates queries and data, or executes hostile data with EXECUTE IMMEDIATE or exec().
πΉ Use positive or βwhitelistβ server-side input validation. This is not a complete defense as many applications require special characters, such as text areas or APIs for mobile applications.
πΉ For any residual dynamic queries, escape special characters using the specific escape syntax for that interpreter. Note: SQL structure such as table names, column names, and so on cannot be escaped, and thus user-supplied structure names are dangerous. This is a common issue in report-writing software.
πΉ Use LIMIT and other SQL controls within queries to prevent mass disclosure of records in case of SQL injection.
#share & #supportus
-------------> @geekcode π
Share as more as π€©
π AlgoExpert All courses Free π
βͺοΈWhat is AlgoExpert?
AlgoExpert is an interview prep platform for software engineers. It's specifically geared towards those who want to work at a FAANG-level company. Featuring a robust interactive coding environment, AlgoExpert also has expansive video solutions.
SIZE : 20 GB +
Download link :
https://mega.nz/folder/qI1SEAKQ#0scBk0i_Y0dwgrlb5yehRw
#share & #supportus
-------------> @geekcode π
Share as more as π€©
βͺοΈWhat is AlgoExpert?
AlgoExpert is an interview prep platform for software engineers. It's specifically geared towards those who want to work at a FAANG-level company. Featuring a robust interactive coding environment, AlgoExpert also has expansive video solutions.
SIZE : 20 GB +
Download link :
https://mega.nz/folder/qI1SEAKQ#0scBk0i_Y0dwgrlb5yehRw
#share & #supportus
-------------> @geekcode π
Share as more as π€©
mega.nz
File folder on MEGA
Practical Web Design & Development: 7 Courses in 1
Master in Practical Web design and development using Photoshop, HTML5, CSS3, Bootstrap and more.
https://www.udemy.com/course/learn-web-design-html-css-adobe-photoshop/?couponCode=WEB7CHRISTMAS20F
#share & #supportus
-------------> @geekcode π
Share as more as π€©
Master in Practical Web design and development using Photoshop, HTML5, CSS3, Bootstrap and more.
https://www.udemy.com/course/learn-web-design-html-css-adobe-photoshop/?couponCode=WEB7CHRISTMAS20F
#share & #supportus
-------------> @geekcode π
Share as more as π€©
Udemy
Practical Web Design & Development: 7 Courses in 1
Master Practical Web Design & Development with Photoshop, HTML5, CSS3, Bootstrap, UI/UX, Responsive Design & More
#enroll
Scrum Fundamentals for Scrum Master and Agile Projects- 2020
Master the Scrum concepts necessary for Scrum Master Certification & Agile Scrum Project Management
https://www.udemy.com/course/scrum-genman/?couponCode=SCRUMNEWYR
#share & #supportus
-------------> @geekcode π
Share as more as π€©
Scrum Fundamentals for Scrum Master and Agile Projects- 2020
Master the Scrum concepts necessary for Scrum Master Certification & Agile Scrum Project Management
https://www.udemy.com/course/scrum-genman/?couponCode=SCRUMNEWYR
#share & #supportus
-------------> @geekcode π
Share as more as π€©
Udemy
Scrum Fundamentals for Scrum Master and Agile Projects
Everything you need to know to get started with Agile Scrum: Team, Events, Artifacts & Agile Project Management Concepts
#enroll
React Basics for beginners
Learn react basics from scratch with functional components and Hooks with axios.
https://www.udemy.com/course/react-basics-for-beginners/?couponCode=SHEYYYY
#share & #supportus
-------------> @geekcode π
Share as more as π€©
React Basics for beginners
Learn react basics from scratch with functional components and Hooks with axios.
https://www.udemy.com/course/react-basics-for-beginners/?couponCode=SHEYYYY
#share & #supportus
-------------> @geekcode π
Share as more as π€©
Udemy
React Basics for beginners
Learn React basics from scratch with functional components and Hooks with axios.