1) Filtering User Input: When a user inputs data into the website, the developers want it to be filtered as strictly as possible while still getting the same output as if there was no filter.
2) Response Headers: Within HTTP response headers, developers can prevent XSS that aren't supposed to have any HTML or JavaScript, they can easily use the Content-Type and X-Content-Type-Options headers to make sure that browsers are able to respond the way it's intended.
Networking is a massive topic, but when starting into cyber security; you have to know the commonly used methods to uncover the potential areas of interest as an attacker you can leverage.
1. The OSI Model: can be seen as a universal language for computer networking. It’s based on the concept of splitting up a communication system into seven abstract layers, each one stacked upon the last.
Read more: bit.ly/3DkBEZs
2. Encapsulation: This is the process of adding additional information when data is traveling in the OSI or TCP/IP model. The additional information has been added on the sender’s side, starting from the Application layer to the Physical layer.
Read more: bit.ly/3wNOGMh
Let me know if I missed an awesome OSINT Tool. #OSINT#infosec
1. Maltego: Specializes in uncovering relationships among ppl, companies, domains, and publicly accessible information on the internet. It’s also known for taking the sometimes enormous amount of discovered info and plotting it all out in easy-2-read charts and graphs. #maltego
2. Mitaka: Available as a Chrome extension and Firefox add-on, #Mitaka lets you search over six dozen search engines for IP addresses, domains, URLs, hashes, ASNs, #Bitcoin wallet addresses, and various indicators of compromise (IOCs) from your web browser.