Daily Learning - Day 25

Date: 25th February 2017

Below are the topics I learnt today.

Follow Hashtag: #SKC100DaysofLearning

Topic 1: Security - Find the Technology Components used in Web Application.


Are you interested in knowing which technologies a certain website uses?

Wappalyzer is a browser extension that uncovers the technologies used on websites. It detects content management systems, eCommerce platforms, web servers, JavaScript frameworks, analytics tools and many more.

Install this on your web browser:  https://wappalyzer.com/download



Topic 2: Security - Massive Bug May Have Leaked User Data From Millions of Sites. So … Change Your Passwords

The internet infrastructure company Cloudflare, which provides a variety of performance and security services to millions of websites, revealed late Thursday that a bug had caused it to randomly leak potentially sensitive customer data across the internet.

The bug is called "Cloudbleed".

Lessons Learnt:

  • It is necessary to know the third-party components and code added to your application. See Topic 1 for how to find out the third-party components and server details.
  • Check whether any vulnerabilities have been recorded against the third-party components and server; their code may not be perfect.
  • When you learn of a bug, even one that is not serious, act quickly and apply a preliminary fix as soon as you understand the bug.
  • Permanently patch the bug on the systems.
  • To mitigate the risk, one option is to change your password on whichever sites are linked to Cloudflare.
  • Other options for defence: two-factor authentication (2FA).

Tool: Find out which CDN service your website is using.

Change.org uses Cloudflare as its CDN service.
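To show what Topic 1 and the CDN check above actually look at, here is an added example (my own, not Wappalyzer's code): it fingerprints a site's technology stack and the CDN in front of it from HTTP response headers alone. The signature table is a small hand-written subset, the header values are constructed, and `fetch_headers` is only meant for a site you operate yourself.

```python
"""Detect web technologies and the CDN in front of a site from HTTP
response headers.  Added example, not Wappalyzer's code; the signature
table is a small hand-written subset of what such tools carry."""
import re
import urllib.request

# Constructed signature table: (header name, regex, technology label).
# Header names are compared case-insensitively because HTTP headers are.
# Group 1 of a regex, when present, captures the advertised version.
SIGNATURES = [
    ("server", re.compile(r"cloudflare", re.I), "Cloudflare (CDN)"),
    ("cf-ray", re.compile(r".+"), "Cloudflare (CDN)"),
    ("x-amz-cf-id", re.compile(r".+"), "Amazon CloudFront (CDN)"),
    ("x-served-by", re.compile(r"cache-", re.I), "Fastly (CDN)"),
    ("x-akamai-transformed", re.compile(r".+"), "Akamai (CDN)"),
    ("server", re.compile(r"nginx(?:/(\S+))?", re.I), "nginx"),
    ("server", re.compile(r"apache(?:/(\S+))?", re.I), "Apache"),
    ("x-powered-by", re.compile(r"php(?:/(\S+))?", re.I), "PHP"),
    ("x-powered-by", re.compile(r"express", re.I), "Express"),
    ("x-generator", re.compile(r"wordpress(?:\s+(\S+))?", re.I), "WordPress"),
    ("x-drupal-cache", re.compile(r".+"), "Drupal"),
    ("x-shopify-stage", re.compile(r".+"), "Shopify"),
]


def detect(headers):
    """Return {technology label: version or None} for every signature that matches."""
    lowered = {k.lower(): v for k, v in headers.items()}
    found = {}
    for name, pattern, label in SIGNATURES:
        value = lowered.get(name)
        if value is None:
            continue
        match = pattern.search(value)
        if match:
            version = match.group(1) if match.groups() else None
            # keep a version if any signature for this label yields one
            found[label] = version or found.get(label)
    return found


def cdn_of(headers):
    """Name of the CDN fronting the site, or None if no CDN header was seen."""
    for label in detect(headers):
        if label.endswith("(CDN)"):
            return label[: -len(" (CDN)")]
    return None


def fetch_headers(url, timeout=10):
    """HEAD request returning the response headers as a dict (use on your own site)."""
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "tech-check/0.1"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())


# Constructed responses: one from a site behind Cloudflare, one straight
# from an origin server.  The CF-RAY value is a made-up placeholder.
SAMPLE_CLOUDFLARE = {
    "Server": "cloudflare",
    "CF-RAY": "0123456789abcdef-SIN",
    "Content-Type": "text/html",
}
SAMPLE_ORIGIN = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "X-Generator": "WordPress 5.7",
}

if __name__ == "__main__":
    for name, sample in (("behind CDN", SAMPLE_CLOUDFLARE), ("origin", SAMPLE_ORIGIN)):
        print(name, "->", detect(sample), "CDN:", cdn_of(sample))
```

Note the asymmetry in the two samples: once a site sits behind Cloudflare, the `Server` header says `cloudflare` and the origin's nginx/PHP headers are no longer visible from outside, so a CDN both hides your stack and becomes one more third-party component you have to track, which is exactly the Cloudbleed lesson.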





Posted in | Leave a comment Location: Mysuru, Karnataka 570001, India

Daily Learning - Day 24

Date: 22nd February 2017

Below are the topics I learnt today.

Topic 1: Security - User-Supplied Input Data in the URL

If you are testing a website, take any URL, add some characters to it, and check what happens.

You may see errors from the application or from the web server.

Note: An error coming from the web server can disclose information about your server.
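As an added example of the point above (my own toy request handler, not from any real framework), here is the same URL parameter handled two ways: a leaky handler that echoes the exception and traceback back to the client, and a hardened one that validates the input first and sends only a generic message while the detail goes to the server log. The item catalogue and the URLs are constructed.

```python
"""Verbose vs. generic error handling for a user-supplied URL parameter.
Added example: a toy handler, not any real framework's code."""
import logging
import traceback
from urllib.parse import parse_qs, urlparse

log = logging.getLogger("app")

# Constructed catalogue standing in for a database table.
ITEMS = {1: "widget", 2: "gadget"}


def lookup(item_id_text):
    """Business logic that raises on bad input, the way real code does."""
    item_id = int(item_id_text)   # ValueError on something like "42abc"
    return ITEMS[item_id]         # KeyError on an unknown id


def handle_verbose(url):
    """Leaky handler: whatever went wrong is sent straight to the client,
    including the traceback with file paths and library names."""
    qs = parse_qs(urlparse(url).query)
    try:
        return 200, lookup(qs["id"][0])
    except Exception as exc:
        return 500, f"{type(exc).__name__}: {exc}\n{traceback.format_exc()}"


def handle_hardened(url):
    """Hardened handler: allow-list the input, map expected failures to
    short generic messages, log the unexpected ones server-side only."""
    qs = parse_qs(urlparse(url).query)
    raw = qs.get("id", [""])[0]
    if not raw.isdigit():         # digits only; rejects "", "42abc", "1;--"
        return 400, "Bad request"
    try:
        return 200, lookup(raw)
    except KeyError:
        return 404, "Not found"
    except Exception:
        log.exception("unexpected error for id=%r", raw)   # detail stays in the log
        return 500, "Internal server error"


if __name__ == "__main__":
    for url in ("https://shop.example/item?id=2",
                "https://shop.example/item?id=42abc",
                "https://shop.example/item"):
        print(url, "verbose ->", handle_verbose(url)[0],
              "hardened ->", handle_hardened(url))
```

The same idea applies one layer down: the web server's own error pages and `Server` header should not advertise versions either (in nginx that is `server_tokens off;`, in Apache `ServerTokens Prod`).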





Topic 2: Security - User-Supplied Input Data for Login

Consider a logon screen that asks for a username and password. If the application returns one error message for an incorrect username and a different message for an incorrect password, an attacker can tell which of the two they have guessed correctly.

The danger is that the attacker now knows they have a valid username; the next step is to crack the password.
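An added example for the logon case (my own code, not from the post): a login routine that returns the two distinct messages, beside one that gives a single message and does the same amount of work whether or not the username exists. The user table, password and hashes are constructed.

```python
"""Login responses that reveal which half of the credential was wrong,
beside a version that does not.  Added example; the user store below is
constructed, not from any real system."""
import hashlib
import hmac
import os


def hash_password(password, salt=None, rounds=100_000):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


# Constructed user store: username -> (salt, digest).
USERS = {"alice": hash_password("correct horse battery staple")}

# A dummy record so that an unknown username still costs one hash computation.
_DUMMY_SALT, _DUMMY_DIGEST = hash_password("dummy")


def login_leaky(username, password):
    """Distinct messages: 'Unknown user' says the name is absent,
    'Wrong password' confirms it exists.  Also returns early, so the
    unknown-user path is measurably faster."""
    if username not in USERS:
        return "Unknown user"
    salt, digest = USERS[username]
    if hash_password(password, salt)[1] != digest:
        return "Wrong password"
    return "OK"


def login_uniform(username, password):
    """One message and the same amount of work for every failure."""
    salt, digest = USERS.get(username, (_DUMMY_SALT, _DUMMY_DIGEST))
    candidate = hash_password(password, salt)[1]
    # compare_digest avoids a timing side channel in the byte comparison;
    # hashing against the dummy record keeps the unknown-user and
    # wrong-password paths close in time as well.
    if username in USERS and hmac.compare_digest(candidate, digest):
        return "OK"
    return "Invalid username or password"


if __name__ == "__main__":
    for user, pw in (("bob", "x"), ("alice", "x"), ("alice", "correct horse battery staple")):
        print(user, "leaky ->", login_leaky(user, pw), "| uniform ->", login_uniform(user, pw))
```

The message text is only half of it: if the unknown-username branch skips the password hash, response time gives the same answer away, which is why `login_uniform` hashes against a dummy record.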



Topic 3: Non-Tech: Apology 

There are 6 kinds of apologies.

  1. "It's regretful that.." - It doesn't require you to admit you did wrong. You're just sorry it happened.
  2. "It seems that errors occurred.." - Acknowledging that something bad happened, but you didn't have anything to do with it.
  3. "Apology directed at another issue or person.." - I'm sorry you misunderstood my intent.
  4. "Apology used as emphasis to make a point.." - I'm sorry, the show is not good.
  5. "Apologies in advance.." - I'm sorry if this hurts you.
  6. "Deflective apologies.." - "I am in search of my soul and peace."

Don't apologise in expectation of receiving an apology from others.

Don't apologise if your intentions were misinterpreted.

Don't apologise to blame someone else.

And.. don't apologise for everyday behaviours.




Daily Learning - Day 23

Date: 21st February 2017

Below are the topics I learnt today.

Topic 1: HTTPS -- But NOT Completely

If you are testing a website and the Chrome browser says "Secure", don't assume it is completely secure.

Exercise: Visit the website https://threatpost.com

It is served over HTTPS and shows the secure padlock in the Chrome browser.

But if you look at the icons at the bottom (Twitter, Facebook etc.), they are actually not HTTPS URLs.

Note: Everything on the page should be HTTPS for it to be completely secure.
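To make the padlock check above repeatable, here is an added example (my own, not from the post) that scans a page's HTML for sub-resources loaded over plain HTTP, i.e. mixed content. The page URL, the HTML and every host in it are constructed; it also shows the difference between a plain `http://` hyperlink (which does not break the padlock but does take the visitor off HTTPS when clicked) and an `http://` image or script (which the browser treats as mixed content).

```python
"""Find HTTP sub-resources embedded in an HTTPS page (mixed content).
Added example, not from the post; the HTML below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags and attributes that make the browser fetch a sub-resource.
RESOURCE_ATTRS = {
    "script": ("src",), "img": ("src",), "iframe": ("src",),
    "link": ("href",), "audio": ("src",), "video": ("src",),
    "source": ("src",), "object": ("data",), "embed": ("src",),
}
# Only these <link rel=...> values load something; rel=canonical etc. do not.
LOADING_LINK_RELS = {"stylesheet", "icon", "preload"}


class MixedContentParser(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []          # list of (tag, absolute url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and (attrs.get("rel") or "").lower() not in LOADING_LINK_RELS:
            return
        for name in RESOURCE_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if not value:
                continue
            # Relative and protocol-relative ("//host/x") URLs inherit the
            # page's https scheme, so only explicit http:// ones are flagged.
            absolute = urljoin(self.page_url, value.strip())
            if urlsplit(absolute).scheme == "http":
                self.findings.append((tag, absolute))


def find_mixed_content(page_url, html):
    """Return [(tag, url)] for every sub-resource loaded over plain HTTP."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content is only meaningful on an https page")
    parser = MixedContentParser(page_url)
    parser.feed(html)
    return parser.findings


# Constructed page: one http stylesheet and one http image are mixed
# content; the canonical link, the protocol-relative script and the
# plain <a href="http://..."> hyperlink are not.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.example.net/site.css">
<link rel="canonical" href="http://www.example.net/">
<script src="//static.example.net/app.js"></script>
<script src="https://static.example.net/widgets.js"></script>
</head><body>
<a href="http://twitter.com/example"><img src="http://static.example.net/twitter.png"></a>
<img src="/img/local.png">
</body></html>"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://www.example.net/page", SAMPLE_HTML):
        print(f"mixed content: <{tag}> {url}")
```

Once found, the quickest site-wide fix is the `Content-Security-Policy: upgrade-insecure-requests` header, which makes the browser rewrite those `http://` sub-resource fetches to `https://`; the proper fix is still to change the URLs in the page.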



