Penetration tester

 Penetration tester is the person who find the weakness or vulnerabilities in the websites.

poor security practices

example : 

     1. using easy passwords 

     2. person leaving keys in the vehicle

     3. no security person 

     4. no good lock for the house

  1. Writing passwords on sticky notes and leaving them visible

  2. Not installing antivirus or anti-malware software

  3. Using the same password across multiple sites

  4. Clicking on suspicious links in emails or messages (phishing)

  5. Ignoring software or OS updates

  6. Connecting to public Wi-Fi without a VPN

  7. Leaving a computer unlocked when stepping away

  8. Not enabling two-factor authentication (2FA)

  9. Downloading software from untrusted sources

  10. Storing sensitive data in plain text files

🏠 Physical Security Lapses

  1. Leaving doors or windows unlocked at night

  2. Hiding spare keys under the doormat or flowerpot

  3. Not installing security cameras or alarm systems

  4. Using old or broken locks

  5. Not securing fences, gates, or back entrances

  6. Letting strangers into the home without verification (e.g., posing as utility workers)

  7. Posting vacation plans on social media publicly

🚗 Vehicle Security Mistakes

  1. Leaving valuables (laptop, wallet) in plain sight inside the car

  2. Parking in poorly lit or isolated areas

  3. Not locking car doors, assuming it's a “safe area”

  4. Keeping vehicle registration or address documents in the car

📱 Mobile/Smart Device Risks

  1. Not locking the phone with a PIN or biometric

  2. Installing apps without checking permissions

  3. Connecting smart home devices without changing default credentials

  4. Not updating firmware on smart devices (e.g., security cameras, routers)

  5. Using QR codes from unverified sources


Comments

Post a Comment

Popular posts from this blog

Kali Linux Commands for Ethical Hacking Tools

  🔥 Kali Linux Commands for Ethical Hacking Tools Here’s a complete list of Kali Linux tools and their commands, categorized by Reconnaissance, Scanning, Exploitation, Wireless Attacks, Password Cracking, and Post-Exploitation . 🕵️ 1. Reconnaissance (Information Gathering) WHOIS Lookup sh Copy Edit whois example.com Get domain information. DNS Enumeration sh Copy Edit dig example.com nslookup example.com host example.com Find subdomains & DNS records. Subdomain Discovery sh Copy Edit sublist3r -d example.com List subdomains of a target. Network Scanning (Nmap) sh Copy Edit nmap -sS -p 1-65535 example.com nmap -A -T4 example.com Scan open ports & services. Netcat (Banner Grabbing & Reverse Shell) sh Copy Edit nc -v example.com 80 nc -lvnp 4444 🌐 2. Web Application Security Nikto (Web Vulnerability Scanner) sh Copy Edit nikto -h http://example.com Scan for vulnerabilities. SQL Injection (SQLmap) sh Copy Edit sqlmap -u "http:/...
Read more

A business-level SSL certificate typically falls under Organization Validation (OV)

 A business-level SSL certificate typically falls under Organization Validation (OV) SSL or Extended Validation (EV) SSL . These certificates require businesses to undergo a verification process , ensuring they are legally registered and operating. Example of a Business-Level SSL Certificate (EV SSL) 🔹 Common Name (CN): paypal.com 🔹 Organization (O): PayPal, Inc. 🔹 Organizational Unit (OU): Security Department 🔹 Country (C): US 🔹 State (S): California 🔹 Locality (L): San Jose 🔹 Issuer: DigiCert Inc 🔹 Certificate Type: Extended Validation (EV) SSL 💡 How to Identify a Business-Level SSL Certificate: Check the Certificate Details: Click the padlock icon in the browser’s address bar. View "Certificate (Valid)" → "Details" . Look for the Organization (O) field —it should contain a real business name . Extended Validation (EV) SSL Indicators: Some browsers (e.g., older versions of Safari) highlight the company name in the...
Read more