PHP Security Training Video

Topics Of the Course !!!

what is the threat ? 

• How can you Analyze the threat ?

• what Types of threats Are out there?

• How bad is it ?

• what Threats Are Specific to PHP?

• what are some resources to find out more ??

what are the Consequences when a website is not protected Against Attack?

• Financial loss
• Loss of Service
• identity Theft
• website infection

what are most common forms of aTTack?

• Cross site Scripting(xss)

• Remote Code injection 

• session hijacking, fixaion, and request forgery Sql injection

what Are the  Most  Common  Vulnerabilities aTTackers can Exploit?

• unplanned information disclosure

• predictable resource location

• insufficient authorization

• improper accesss controls

• PHP misconfiguration

• Mishandling file uploads

Download: Medaiafire

SQLi Dumper - Advanced SQL Injection\Scanner Tool v7.0 Private Version

 

Designed to be automated to find and exploit web security vulnerabilities in mass from worldwide!
It is robust, works in the background threads and is super faster.
Uses an advanced search engine with 10 different online search services.

Last release: 06/23/2014 v.7.0

SQLi Dumper Features:

-Suports 20 methods of SQL Injection;
-Suports Multi. Online search engine (to find the trajects);
-Automated search for data in a bulk URL list;
-Automated analizer and dumper with custom injections points (URL, POST, Cookies, UserLogin or UserPassword);
-Dumper suports dumping data with multi-threading (databases/tables/columns/fetching data);
-Exploiter, Analizer and Dumper suports up to 50x separeted threads;
-Advanced WAF bypass methods;
-Advanced custom query box;
-Dumper can dump large amounts of data, with greats control of delay each request;
-Easy switch vulnerabilities to vulnerabilities (internal database);
-Suports proxies list;
-GeoIP database;
-Advanced Trash System works with millions of urls;
-Admin login finder;
-Standalone .exe (no install).

 

credit -> http://sqldumper.blogspot.com

 

Download: Sqli Dumper

 

Best Wordlist sites

Best sites to Download wordlist...
http://cyberwarzone.com/cyberwarfare/pas...word-lists

http://hashcrack.blogspot.de/p/wordlist-...ds_29.html
http://www.skullsecurity.org/wiki/index.php/Passwords
http://packetstormsecurity.org/Crackers/wordlists/
http://www.isdpodcast.com/resources/62k-...-passwords
http://g0tmi1k.blogspot.com/2011/06/dict...lists.html
http://www.md5this.com/tools /wordlists.html
http://www.md5decrypter.co.uk/ downloads.aspx

SQL Injection Bypassing handbook

Content writers :-

Chapter I:::

• SQL Injection: What is it?
• SQL Injection: An In-depth Explanation
• Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any other security mechanism?
• Is my database at risk to SQL Injection?
• What is the impact of SQL Injection?
• Example of a SQLInjection Attack

WebApplication Firewalls::

• Detecting A WAF
• Prompt Message
• Dotdefender
• Observing HTTP Response

Chapter II

Advanced evasion techniques for defeating SQL injection Input validation mechanisms
Web applications are becoming more and more technically complex. Web applications, their

• Whitespace
• Null Bytes
• SQL Comments
• URL Encoding
• Changing Cases
• Encode to Hex Forbidden
• Replacing keywords technique
• WAF Bypassing – using characters
• HTTP Parameter Pollution (HPP)
• CRLF WAF Bypass technique
• Buffer Overflow bypassing

Chapter III

Let's see the matter in an orderly fashion from the beginning

• See If Site vulnerability Or Not
• Get Column Number
• Bypassing union select
• Get Version
• Group & Concat
• Bypass with Information_schema.tables
• Requested Baypassing

Chapter IV

Other issues related to the subject

• Null Parameter
• FIND VULNERABLE COLUMNS
• Count(*)
• unhex()
• Get database

Download : MediaFire

source: HF

Best Deface pages Collection

Don't Have Time for designing A Deface page .. ?? 
dont worry here you can download Best Deface Pages, 
Just replace the Name and messgae with your own name and message !!
[Click on Download And Copy The Code, Then Use it, for demo you can paste the code on Pastehtml.com

How to edit and save it... ??
All html codes are shared on pastebin, copy it and paste in notepad
then edit it and save as index.html or anyname.html


1- Tiger M@te's Deface Page, 
This Deface page was uploaded on google bangladesh'd domain Google.com.bd
 : Download


2- Happy Birhthday Deface Page 
for making someone's Birthday special =)
 : Download

3- Deface Page For Long Messages + Video 
Designed By Ffessxt Prince indishell
: Download 


4- #opFreedom Plestine, 
Deface page with free palestine message, Designed by The Hackers army
 : Download


5- Lovely deface Page for Your Girlfried or loved one 
This Deface Page was designed by me =)
 : Download


6-Deface Page with dancing firefox script
 : Download


7-Multi colour deface page
 : Download  


8- Simple Black Deface Page 
Designed by Hax root
 : Download


9-Matrix Style Deface Page
Designed by ShOrTy420
 : Download


10-Pro Style Deface Page 
 : Download


9- Awesome  #opFreedom Plestine Page with New Fuctions
this page desgned by Syakila Daniel
 : Download


10- Awesme Matrix style Deface Page 
Designed by coded32 
: Download


11- Romantic deface Page with Roses
designed by Deepak  Carpenter
: Download


12- Deface Page with Jquery 
Designed by Privatex
 : Download


13- #opmegaupload Deface Page
 : Download

14- A Progammer's Deface Page with Love Letter
Designed by Me .. =)
 : Download

source:  http://www.devilcafe.in