Websecurify: Web Security Testing Environment

Anyone working in IT security needs tools to analyse the systems they are assessing. For web applications, one option is Websecurify. Websecurify is a tool for testing and analysing web and Web 2.0 applications. With Websecurify we can find out what vulnerabilities a website has.

Its vulnerability scanning and analysis can detect a wide range of web application weaknesses through penetration testing. Some of the things it analyses:

  • SQL Injection
  • Local and Remote File Include
  • Cross-site Scripting
  • Cross-site Request Forgery
  • Information Disclosure Problems
  • Session Security Problems
  • many others including all categories in the OWASP TOP 10

Main Features

Some of the features Websecurify has:

  • Available for all platforms (Windows, Mac OS, Linux)
  • Simple user interface
  • International support
  • Easy to use / extend through add-ons
  • Exportable and customisable reports
  • Modular and reusable design
  • Powerful manual testing tools and helper facilities
  • Team sharing support
  • Powerful analytical and scanning technology
  • Built-in service and support integration
  • Scriptable support for JavaScript and Python
  • Extensible via many languages including JavaScript, Python, C, C++ and Java

Another convenience: besides the desktop version, Websecurify is also available as a plugin for the Chrome browser.

Persiba Bantul Wins the 2010-2011 Ti-Phone League

Persiba Bantul finally became champions of the 2010-2011 Ti-Phone league after beating Persiraja Banda Aceh through a single goal by team captain Wahyu Wiji Astanto (who was also named best player) in the match held at Manahan Stadium, Solo. Persiba Bantul played as if at home, backed by thousands of supporters who turned Manahan Stadium red. With this result, besides becoming Ti-Phone league champions, Persiba Bantul are automatically promoted to the higher tier, the Indonesia Super League (ISL). Besides Persiba Bantul, the other teams promoted to the ISL are Persiraja Banda Aceh and Mitra Kukar, while one more place will be contested between Persidafon and one team from the ISL.

Job Vacancy : Creative Marketing Designer

INDOSATM2 is an Internet, multimedia and other IP-based services provider. IndosatM2 is a fully owned subsidiary of PT. Indosat (the telecommunication service provider in Indonesia). It started operating in 2000 and provides services to companies, organizations and personal/residential customers in Indonesia, supported by a highest capacity network connected to the global Internet.

We are seeking highly motivated individuals to join our innovative team for the position as mentioned below.

Creative Marketing Designer (Fulltime)

Work location: Jakarta

General Requirements:

  • Multitasking-oriented with high learning capacity
  • Creative thinker with excellent design and typography sense, also detail-oriented
  • Able to work individually and in a team
  • Good interpersonal skills
  • Ready to work under pressure and to deadlines

Special Requirements:

  • A strong design, art or copywriting background
  • Familiarity with varying design applications such as Flash, Adobe Illustrator, Photoshop, InDesign, video editing software, etc.
  • Several years of experience and an accessible digital portfolio

Additional Requirements:

  • Experience in HTML, Dynamic HTML, and ActionScript is necessary as well
  • Experience in professional photography
  • Knowledge of and experience in website updates (CMS) and social media (i.e. Facebook, Twitter, blogs, etc.)

Should you meet these requirements, please kindly send your complete resume with digital portfolio, social media track record and recent photograph to: recruitment@indosatm2.com

Not later than 2 weeks after this announcement and only shortlisted candidates will be contacted.

BackTrack 5 Has Been Released

BackTrack 5, the most anticipated Linux distribution in the world, was officially released a few minutes ago (see the download link at the end of the article).

Dubbed Revolution, BackTrack 5 is based on Ubuntu 10.04 LTS (Lucid Lynx). It is powered by Linux kernel 2.6.38, patched with all the relevant wireless injection patches, and includes several major improvements.

“The BackTrack Dev team has worked furiously in the past months on BackTrack 5, code name “revolution”. Today, we are proud to release our work to the public, and then rest for a couple of weeks.”

“This new revision has been built from scratch, and boasts several major improvements over all our previous releases.” – was stated in the release announcement.

Highlights of BackTrack 5:

· Based on Ubuntu 10.04 LTS;
· Linux kernel 2.6.38 (with wireless injection patches);
· KDE 4.6;
· GNOME 2.6;
· 32-bit and 64-bit support;
· Metasploit 3.7.0;
· Forensics mode (a forensically sound instance);
· Stealth mode (without generating network traffic);
· Initial ARM image of BackTrack (for Android-powered devices);
· …and many more!

Existing BackTrack 4 users should definitely upgrade to this new version, especially because starting with May 10th, 2011, BackTrack 4 is no longer supported.

About BackTrack

BackTrack is a very popular Live DVD Linux distribution that focuses on system and network penetration testing, featuring analysis and diagnostic applications that can be run right from the CD. BackTrack emerged from Whax and Auditor Security Collection distributions, using what was best from both in one complete solution.

Download the BackTrack 5 Linux operating system right now from Softpedia.

Permalinks Migration Plugin for wordpress

With this plugin, you can safely change your permalink structure without breaking the old links to your website and without affecting your search engine rankings.

Introduction

Many people want to change their permalink structure, for example from /%year%/%monthnum%/%day%/%postname%/ to /%category%/%postname%/

But doing so makes every page already indexed by search engines invalid, and it also loses visitors who arrive from other sites or bookmarks that link to you.

There is a way to tell search engines (and browsers) that a page has permanently moved and that the old address should be replaced by the new one. It is called a “301 Redirect”, also known as a Permanent Redirect. When you do this, search engines will update their indexes quickly and you won’t lose your PageRank. You will continue to receive traffic as though nothing had changed. This works for search engines, bookmarks, and links from other sites.

By now, you know how you can change your permalinks without losing the traffic you’re already getting. You can download this Permalink Migration Plugin to do this for you.

This plugin generates a “301 Redirect” when a user or spider visits your site through an old permalink, and redirects them to the new permalink of the same post.

Do not be afraid to change your permalink structure now; you will never lose any visitors due to changed addresses.

Download Dean’s Permalinks Migration Plugin Version 1.0

Installation

  1. Unzip and upload the file into your wp-content/plugins/ directory.
  2. Activate it on your Admin Panel -> Plugin Management page.

Usage

  1. Go to Admin Panel -> Options -> PermalinksMigration. Set the old permalink structure of your site.
  2. Go to Admin Panel -> Options -> Permalinks. Change the permalink structure to the new one you want (personally I recommend /%category%/%postname%/).
  3. Done, enjoy it.
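
The redirect behaviour described above can be sketched as follows. This is an added example in Python, not the plugin's own code: the function names and the POSTS dictionary (a constructed stand-in for the WordPress posts table) are hypothetical. It matches a request against the old structure and builds the 301 target from stored post data only.

```python
import re

# Regex fragment for each WordPress structure tag named on this page.
TAG_PATTERNS = {
    "%year%": r"(?P<year>\d{4})",
    "%monthnum%": r"(?P<monthnum>\d{2})",
    "%day%": r"(?P<day>\d{2})",
    "%postname%": r"(?P<postname>[a-z0-9-]+)",
    "%category%": r"(?P<category>[a-z0-9-]+)",
}

def compile_structure(structure):
    """Turn a permalink structure into an anchored regex (trailing slash optional)."""
    parts = re.split(r"(%[a-z]+%)", structure.rstrip("/"))
    body = "".join(TAG_PATTERNS.get(p, re.escape(p)) for p in parts)
    return re.compile("^" + body + "/?$")

def redirect_for(path, old_structure, new_structure, posts):
    """Return (301, new_path) for a request matching the old structure, else None.

    Assumes the old structure contains %postname%. The target is built only
    from stored post data, never from the request, so a crafted URL cannot
    steer the redirect to another site.
    """
    match = compile_structure(old_structure).match(path)
    if match is None:
        return None
    post = posts.get(match.group("postname"))
    if post is None:
        return None  # unknown slug: fall through to the normal 404
    new_path = new_structure
    for tag in TAG_PATTERNS:
        new_path = new_path.replace(tag, post[tag.strip("%")])
    return (301, new_path)

# Constructed sample data standing in for the WordPress posts table.
OLD = "/%year%/%monthnum%/%day%/%postname%/"
NEW = "/%category%/%postname%/"
POSTS = {
    "backtrack-5-released": {
        "year": "2011", "monthnum": "05", "day": "10",
        "postname": "backtrack-5-released", "category": "security",
    },
}

if __name__ == "__main__":
    print(redirect_for("/2011/05/10/backtrack-5-released/", OLD, NEW, POSTS))
```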

Setting Up a DHCP Server and Wireless Access Point on Mikrotik

Case:
Entering IP addresses manually can be a burden for a network administrator, especially when there are many users. The solution is to have the router allocate IP addresses to the PCs automatically with a DHCP server. Mikrotik RouterOS already provides this; the DHCP configuration on Mikrotik follows.

Number of users: 50, consisting of 20 laptops (2 interfaces each, wired and Wi-Fi, so 40 IP addresses must be allocated in total) and 9 desktop PCs (1 Ethernet interface each).
Internet from the ISP comes in over UTP directly to the MT (Mikrotik), and from the MT to the local network. The access point sits at the same level as the users.

Inet
|
MT ether2: LOCAL (192.168.1.1)
|
Switch --> Desktop users (UTP 192.168.1.0/24)
|
Access Point (192.168.1.200) --> Laptop users (Wi-Fi 192.168.1.0/24)

In this case, the WAN IP, LAN, DNS and NAT masquerade configuration is assumed to be working already.

1. Determine the range of IP addresses that will be handed out to users

[danang@MikroTik] > ip pool add
name: dhcp-pool1
ranges: 192.168.1.2-192.168.1.50

2. Determine which interface will allocate IPs to users; in this case it is the local interface on ethernet2, which is named: local. In this step the name of the DHCP server itself, which will distribute IPs based on the IP pool from point 1, is also determined.

[danang@MikroTik] > ip dhcp-server add interface=local address-pool=dhcp-pool1 disabled=no

3. Then configure the DHCP network; the DHCP network defines the network IP and its gateway.

[danang@MikroTik] > ip dhcp-server network add address=192.168.1.0/24 gateway=192.168.1.1

4. The configuration for the Mikrotik DHCP server is complete. In the next stage we configure the access point, which will be placed at the same level as the users and will pass on the IP distribution from the MT over wireless. The access point used is a LinkSys WAP54G (search for a picture on Google); the default configuration of this access point has IP 192.168.1.245 with username: [blank] and password: admin

To access the access point, take a straight-through UTP cable and connect it peer to peer:
Access Point <--- UTP straight ---> PC (IP 192.168.1.10 netmask 255.255.255.0)
Open a Command Prompt and ping 192.168.1.245; if it replies, the access point's configuration page is ready to be set up. Open a browser on the PC and enter 192.168.1.245, with username: [blank] and password: admin.

Access Point Configuration

The factory default configuration must be changed because it concerns the security of the network itself. We will change the default IP, the access point name and the security mode.
1. Go to Network Setup, set the Device Name and Configuration Type: Static IP
IP Address : 192.168.1.200
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.1.1
Save Settings
2. Go to the Wireless menu; under Basic Wireless Settings give your access point a name in Network Name (SSID)
3. Next, on the Security tab, change Security Mode to WPA2-Personal and then set a Passphrase. The passphrase is the network security key that every laptop will be asked for when it joins the network over wireless. Save Settings
4. Change the password for accessing the access point in the Administration menu.

Test and Results

Connect the access point to the switch at the same level as the users, then try searching for Wi-Fi networks with one of the laptops. If it finds the access point you named earlier, try to connect. You will be asked to enter the key, and the access point will automatically request an IP from the router to pass on to the Wi-Fi interface of the user's laptop.
Check on the Mikrotik terminal by typing:
[danang@MikroTik] /ip dhcp-server lease> pr
Flags: X – disabled, R – radius, D – dynamic, B – blocked
# ADDRESS MAC-ADDRESS HOST… SERVER RATE… STATUS
0 D 192.168.1.23 00:21:70:D1:A9:27 lapt… dhcp1 bound
1 D 192.168.1.4 00:1A:92:04:98:A9 Anto… dhcp1 bound
2 D 192.168.1.21 90:4C:E5:C7:B7:50 lapt… dhcp1 bound
3 D 192.168.1.11 90:4C:E5:C7:DB:F5 lapt… dhcp1 bound
4 D 192.168.1.8 90:4C:E5:C7:B5:06 lapt… dhcp1 bound
5 D 192.168.1.9 00:24:2B:B0:D7:11 lapt… dhcp1 bound

In fact, the access point can be attached to one of the interfaces on the Mikrotik itself for better security and user management, for the case where the access point is used as a paid PUBLIC hotspot.
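
The lease listing above can also be checked automatically. The following is an added example, not part of the original post: the function names, the MAC allow-list and the sample rows are constructed, and the row layout is assumed to match the listing shown on this page. It parses the lease table, compares it with the pool from step 1, and reports leases outside the pool and clients whose MAC is not on the list.

```python
import ipaddress
import re

# Row layout follows the lease listing on this page (RATE column empty):
# index, optional flags, address, MAC, optional host name, server, status.
LEASE_ROW = re.compile(
    r"^\s*\d+\s+(?:(?P<flags>[XRDB]+)\s+)?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+"
    r"(?:(?P<host>\S+)\s+)?(?P<server>\S+)\s+(?P<status>\S+)\s*$"
)

def parse_leases(text):
    """Return one dict per lease row; header and flag-legend lines are skipped."""
    return [m.groupdict() for m in map(LEASE_ROW.match, text.splitlines()) if m]

def audit_leases(text, pool_range, known_macs):
    """Compare bound leases with the configured pool and a MAC allow-list."""
    first, last = (ipaddress.ip_address(a) for a in pool_range.split("-"))
    bound = [row for row in parse_leases(text) if row["status"] == "bound"]
    in_pool = [row for row in bound
               if first <= ipaddress.ip_address(row["ip"]) <= last]
    known = {mac.upper() for mac in known_macs}
    return {
        "bound": len(bound),
        "pool_free": int(last) - int(first) + 1 - len(in_pool),
        "outside_pool": [row["ip"] for row in bound if row not in in_pool],
        "unknown_macs": [row["mac"].upper() for row in bound
                         if row["mac"].upper() not in known],
    }

# Constructed sample output; addresses and MACs are made up for illustration.
SAMPLE = """\
Flags: X - disabled, R - radius, D - dynamic, B - blocked
 #   ADDRESS        MAC-ADDRESS        HOST     SERVER  STATUS
 0 D 192.168.1.23   02:00:00:00:00:01  laptop1  dhcp1   bound
 1 D 192.168.1.4    02:00:00:00:00:02  desk1    dhcp1   bound
 2 D 192.168.1.21   02:00:00:00:00:63  phone    dhcp1   bound
 3   192.168.1.60   02:00:00:00:00:03           dhcp1   bound
"""
KNOWN_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"}

if __name__ == "__main__":
    print(audit_leases(SAMPLE, "192.168.1.2-192.168.1.50", KNOWN_MACS))
```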