Advisories and Vulnerabilities (215 entries)
These searches locate vulnerable servers. These searches are often generated from various security advisory posts, and in many cases are product or version-specific.
Error Messages (68 entries)
Really retarded error messages that say WAY too much!
Files containing juicy info (230 entries)
No usernames or passwords, but interesting stuff none the less.
Files containing passwords (135 entries)
PASSWORDS, for the LOVE OF GOD!!! Google found PASSWORDS!
Files containing usernames (15 entries)
These files contain usernames, but no passwords… Still, google finding usernames on a web site..
Footholds (21 entries)
Examples of queries that can help a hacker gain a foothold into a web server
Pages containing login portals (232 entries)
These are login pages for various services. Consider them the front door of a website’s more sensitive functions.
Pages containing network or vulnerability data (59 entries)
These pages contain such things as firewall logs, honeypot logs, network information, IDS logs… all sorts of fun stuff!
sensitive Directories (61 entries)
Google’s collection of web sites sharing sensitive directories. The files contained in here will vary from sesitive to uber-secret!
sensitive Online Shopping Info (9 entries)
Examples of queries that can reveal online shopping info like customer data, suppliers, orders, creditcard numbers, credit card info, etc
Various Online Devices (201 entries)
This category contains things like printers, video cameras, and all sorts of cool things found on the web with Google.
Vulnerable Files (57 entries)
HUNDREDS of vulnerable files that Google can find on websites…
Vulnerable Servers (48 entries)
These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the “Vulnerable Files” section.
Web Server Detection (72 entries)
These links demonstrate Google’s awesome ability to profile web servers..
Thursday, September 8, 2011
Tuesday, September 6, 2011
password validation test cases
Translation:
- matches a string of six or more characters;
- that contains at least one digit (\d is shorthand for [0-9]);
- at least one uppercase; and
- at least one lowercase character.
input | result of test | reason |
---|---|---|
abcABC | false | no numbers |
abc123 | false | no uppercase letters |
abAB1 | false | too short |
abAB12 | true | - |
Aa123456 | true | - |
another possibilities
I will start by telling you what makes a password strong.
- It has more than 6 characters. The longer the password is, the harder to crack it using brute force attack.
- It contains both small case and upper case characters. This doubles brute force attack time, because it needs to check both cases.
- It contains also numerical characters. This adds another 10 possibilities for each character in the password and thus increases cracking time.
- It contains special characters. This adds another 20 or more characters to the possibilities.
- It contains more than 12 characters. This increases cracking time even more.
My approach was to give one point for each of the conditions above.
And I give a point for each of the conditions, the voting scale is the following
- Very Weak
- Weak
- Better
- Medium
- Strong
- Strongest
invalid and valid email id test cases
Valid Email address | Reason |
email@domain.com | Valid email |
firstname.lastname@domain.com | Email contains dot in the address field |
email@subdomain.domain.com | Email contains dot with subdomain |
firstname+lastname@domain.com | Plus sign is considered valid character |
email@123.123.123.123 | Domain is valid IP address |
email@[123.123.123.123] | Square bracket around IP address is considered valid |
"email"@domain.com | Quotes around email is considered valid |
1234567890@domain.com | Digits in address are valid |
email@domain-one.com | Dash in domain name is valid |
_______@domain.com | Underscore in the address field is valid |
email@domain.name | .name is valid Top Level Domain name |
email@domain.co.jp | Dot in Top Level Domain name also considered valid (use co.jp as example here) |
firstname-lastname@domain.com | Dash in address field is valid |
Invalid Email address | Reason |
plainaddress | Missing @ sign and domain |
#@%^%#$@#$@#.com | Garbage |
@domain.com | Missing username |
Joe Smith | Encoded html within email is invalid |
email.domain.com | Missing @ |
email@domain@domain.com | Two @ sign |
.email@domain.com | Leading dot in address is not allowed |
email.@domain.com | Trailing dot in address is not allowed |
email..email@domain.com | Multiple dots |
あいうえお@domain.com | Unicode char as address |
email@domain.com (Joe Smith) | Text followed email is not allowed |
email@domain | Missing top level domain (.com/.net/.org/etc) |
email@-domain.com | Leading dash in front of domain is invalid |
email@domain.web | .web is not a valid top level domain |
email@111.222.333.44444 | Invalid IP format |
email@domain..com | Multiple dot in the domain portion is invalid |
file upload functionality test cases
UI:
1.Check if the browse... is ellipsis button in becasue it is going to show File open dialog.
2.Check the File open Dialogs File Filters(Supported File Types)
3.Check for the Init Capitalization of the File open Dialog if its a non standard(non common dialog ctrl) form.
Functional:
1.Start uploading the file and disconnect LAN.
2.Check server timeout(There usually is a Timeout for file upload)
3.Check upload from a disc which has no space left(usually the data will be cached to temp for rolling back)
4.Check upload for Folder(its should not be the case)
5.Check for multiple file uploads.
6.Check for Quality of images if the upload is specifically for images(the dithering of images should not happen - imagine uploading a scanned copy of cheque for payment director service)
7.Check for compressed /Readonly /Archived file uploads.
8.Start upload and immediately stop the Web(IIS,Apache) server.
9.test for Folder structure on server side.
10.test for LOBS and BLOBs in case the files go in DB.
11.Test for upload from a network(mapped drive)
12.Test for same file upload many times i.e. depends on the functionality some servers may rename it to xFilie_1, some may just add a new version e.g. Sharepoint. some may simply deny.
1.Check if the browse... is ellipsis button in becasue it is going to show File open dialog.
2.Check the File open Dialogs File Filters(Supported File Types)
3.Check for the Init Capitalization of the File open Dialog if its a non standard(non common dialog ctrl) form.
Functional:
1.Start uploading the file and disconnect LAN.
2.Check server timeout(There usually is a Timeout for file upload)
3.Check upload from a disc which has no space left(usually the data will be cached to temp for rolling back)
4.Check upload for Folder(its should not be the case)
5.Check for multiple file uploads.
6.Check for Quality of images if the upload is specifically for images(the dithering of images should not happen - imagine uploading a scanned copy of cheque for payment director service)
7.Check for compressed /Readonly /Archived file uploads.
8.Start upload and immediately stop the Web(IIS,Apache) server.
9.test for Folder structure on server side.
10.test for LOBS and BLOBs in case the files go in DB.
11.Test for upload from a network(mapped drive)
12.Test for same file upload many times i.e. depends on the functionality some servers may rename it to xFilie_1, some may just add a new version e.g. Sharepoint. some may simply deny.
Subscribe to:
Posts (Atom)