Security Headers :

1. X-Frame-Option:
we used Browser should allow to render a page
Recommendation:ṭ
X-Frame_Option: DENY To prevent clickjacking attack, Protection of sensitive content

If the HTTP Response is a redirect or API the API Retunning Json Data X-Frame-Option does
not provide any security.

2. X-XSS Protection :
It detects the reflected cross site scripting
Recommendation :
X-XSS Protection : 0 -> Allow
1 -> Enabling the cross site scripting filtering
Mode=Block -> If attack is detected then browser preventing rendering a
page
Report -> <Reporting URL> To sanitization of the page

3. X-Content type option:

To prevent men in middle attack
recommendation :
X-Content type option: nosniff

4. Content security policy:

It is a feature in web application to mitigate risk accosiate with XSS and data injection attack
Recommendation:
CSP : 1. default src = it comes site's own origin
2. Media src = Media trusted provider
3. Script src = specific server hosted trusted code

5. Strict transport security : HSTS

It is use to inform the browser that the site is only accessd by using HTTPS
Recommendatio:
HSTS = Max age
its include that the time in seconds that browser should remember that the site only accessed by
using HSTS

Attck possible:
Men in middle attack
SSL/TLS Striping attack
Cookie high jacking attack
6. Cross origin policy:
its used to protect againts certain request comes from another origin
recommendation:
Samesite
sameorigin'
crossorigin

7. Same origin policy(SOP):

it is a security machanisam implemented by web browsers to prevent web pages from
accessing content from other origin
example suppose you r logged in to your online banking application at [Link] when you
visit another page at [Link] so your browser will allow the page to access
your account information bcoz both pages have same origin

Path set to root :We used cookies for each request in the domain

Secure : for secure channel communication we used HTTPS

HTtponly : it will not send cookies via java script

SameSite:
The "SameSite" attribute for cookies helps prevent cross-site request forgery (CSRF) attacks by
controlling whether cookies should be sent with cross-origin requests.

What Is the Differnace Beetween POST And GET Method ?

Both GET and POST Method is used to transfer data from client side to server site in HTTP
Protocol but
main differnace is GET Carries request parameter appended in the URL String while POST
carries request parameter in the body.

Difference Between HTTP and HTTPS?

1. HTTP works in the application layer and HTTPS works in the transport layer
2. HTTP default port is 80 and HTTPS default port is 443
3. No encryption is present in the HTTP and both encryption and decryption present in the
HTTPS
4. The main diff is HTTPS use TLS/SSL to encrypt the HTTP request and response.

What is the SSL?

Secure socket layer is cryptographic protocol use for secure communication between users web
browser to web server.
What is the SSL Handshake?
1. Establishing the connection: For the SSL handshake we have to establish the connection
between to the client side to the server side so it contains SSL version, Session ID, cipher suit,
Compression method.
2. Server authentication and key exchange: Server provide his certificate to the client so that
server can authenticate his self to the client and ask client to provide his certificate and server
send his public key to the client.
3. client authentication and key exchange: Client sends his certificate to the server and provide
his key to the server.
4. Finalizing the phase: client provide his current status of cipher specification to the server and
server sends his current status of cipher specification to the client and handshaking process will
finish.

JwT Vs cookie:
They both are use for managing users authentication and authorization, So cookie is small
peace of data which is store in the client side browser were as JwT stands for jeson web token
and it consist of header, payload, signiture

Cookies are vulnerable to XSS attack where malicious script are injected into website and these
scripts can be steal or maipulate the content of the cookie.

If JwT is not securly stored on the client side or transmitted over the insecure channel it can be
intercepted and leading to unauthorised access

Oauth (Open authorization):

its widly use protocol that allows thired party application to access the user data from online
services such as facebook, google

IDOR:
It occurs when a web application exposes a referance to an internal object such as database
record and file, in a way that allows an attacker to directly manipulate the referance

Mitigation:
Use indirect referance : instead of using direct referance to internal object such as database
record, IDs or file name use indirect referances that are not predectable

Access control : Implement access control machanisam to ensure that users can only access
the data they are authorized to access

input validation
use encryption

What is the Double submission cookie ?

Double submission cookie is the contex of CSRF prevension. double submit cookie involves
sending random value in both a cookie and request parameter, when form submited, the server
checks if the cookie value matches the request parameter, if they match it indicates that the
request is legitimate.

What is the approch for the network PT when you get the IP address:
gather information about the target network using took like Nmap
conduct comprehensive network scan to identify like hosts,open port and services running on
those ports
Identify and gether information about the services running on open ports this may includes the
version number, configurations
utilise vulnerability scanning tool like nessus

How Nmap works?

Nmap, short for Network Mapper, is a powerful and widely used open-source network scanning
tool.

Host Discovery: Nmap starts by sending ICMP (Internet Control Message Protocol) Echo
Requests (ping) to the target hosts to determine which hosts are online and responsive.

Port Scanning:Once the live hosts are identified, Nmap performs port scanning to determine
which ports on each host are open and what services are running on those ports.

TCP Connect Scan: Actively opens a connection to each port to check if it's open.

SYN Scan (Half-open Scan): Sends a SYN packet to the target and analyzes the response to
determine if the port is open or closed.

UDP Scan: Checks for open UDP ports.

Nmap tries to determine the operating system of the target by analyzing various network
characteristics

Template injection:
it occurs when user input is embedded directly into a template or mark up language without
proper validation and sanitization, this can lead to the execution of unintended code withing the
template

SSTI to RCE
it can potentially lead to remote code execution if the application is processes user supplied
input within template in insecure way.
SSTI identify templtes based on sending payloads then after identifying read the template
manually and put RCE payload via SSTI
If the application does not properly validate or sanitize user input attacker could inject malicious
code leading to RCE
Engines: We have to find the SSTi than like the engine are toranto, paython, jinja2 we can go
with the RCE

Recommendation : validate sanitize user input before using it in tamplates, Use CSP to restrict
type of content that can be loaded

SQL to RCE
SQL identify backend DB based on sending payloads then accordingly share SQLi payloads
=====================================================================

CORS:
its security machanisam that allow web pages from one origin to access resource from differrnt
origin (Access control allow origin)

Owaps Top 10 : Open worldwide Application security project

1. Broken Access Control :
It is a type of web application attack that occurs when application fails to properly enforce
access control,
allowing unauthorised users to access the functionality or data,
typically bypass and manipulating the application’s authentication and authorisation to gain the
access

Impact
Unauthorised access
Data manipulation
Security bypass

Mitigation:
Implement proper authentication : ensure that the authentication machanism is place like strong
passwords policies, multifactor authentication
Implement proper security headers
Regular security testing
Use Role-Based Access Control

2. Cryptography failures:
Cryptography is essential to ensure that confidentiality, integrity and authenticity of the data
when it’s improperly implemented or misconfigured
it can be lead of various types of attack like information disclosure, internal ip disclosure , weak
encryption algorithm

Mitigation:
Use strong encryption algorithm
Secure key management

3. Injection
It is a type of security vulnerability were as attackers can insert or injector malicious code or
data to the application
through input fields to change the server behaviour or compromise the server
It consists sql injection, Xss, XXE attack

Mitigation:
Use prepare statements
Input sanitisation
Use WAF Web application firewall to detect the various types of attack

4. Insecure design :
It’s a type of security vulnerability that arises from fundamental flaws in the architecture of the
application
unlike coding error and improper error handling

Mitigation:
Strong Security design

5. Security misconfiguration :
It’s a type of security vulnerability that occurs when the application is not properly configured so
it can be lead to various types of factor like default profile and password settings , misconfigured
security headers , lack of strong encryption.

6. Vulnerable and outdated components

7. Identification and authentication failure
8. Software and data integrity failure
9. Security login and monitoring
10. SSRF

What is SSRF ?
An attacker can able to make changes in request of internal and external resource from the
server where application is hosted.
attacker can manipulate the request to access or interact with sensitive information

Impact
Data Loss
Financial Loss
Unauthorized access of the users

Recommendations:
Whitelist the allowed URL only allow request and nessesory URL that includes domain and IP
address.
Use the Right Protocols
Use Firewall Configuration
Application and Server Configuration:
Configure the application and server to run with the least privilege necessary.

What is the Host Header Injection?

An Attacker can attack by injecting a payload in the host header is know as host header
injection.
An attacker can inject the malicious payload to the host input field for manupulating the server
behaviour.

Impact
Domain Name Snofing :
An attacker can redirtect traffic to the different server
Session highjacking :
If the session haghjacking attacks is sucussesful then the attacker can might be able to steal the
session of the user and access the unauthorized link
XSS:
If the injected host header contain malicious payload and script then cross site scripting will
happen.

Recommendation:
Utilise the Web application firewall (WAF) to detect various types of attack.
Validated the host header value with domain and ip address with application

What is the CSRF ?

An attcker can tracks users account into performing unauthorized action on different site without
his knowlage and consent its called as CSRF

Impact
It can be lead to malicious actions
data loss
finincila loss
Unauthorized access of the users

Recommendations:
Use Anti CSRF Token for each request that includes human interaction like change password,
Making transaction, registrtions , profile setting.
and token should be validated at the server side to ensure that the request is ligitimate.
Implement same site cookies to Strict and lax
implement referrer header
implement CORS to validate the Domain and IP Address

What are the test cases you performed in CSRF ?

Form Submissions: Submit forms on the target site with malicious payloads to check if they
execute unauthorized actions.

Image and Link Exploitation: Embed malicious image tags or links in a page to trigger
unintended actions when the user visits the page.
Change password, account locke out, [Link] mai , add user,

What is XSS:
It allows attacker to inject the payload to the web page

Tyeps :

Stored XSS: The malicious code is permanently store in the targetd server.

Reflected Xss: when an application receives data in an HTTP request and includes that data
within the immediate response in an unsafe way

What is Dom based XSS:

Its that occurs when web applications dynamically manipulate the Document Object Model
(DOM) of a web page in an unsafe manner. which involve injecting malicious scripts into
server-generated HTML that is sent to the client, DOM-based XSS involves the manipulation of
the client-side DOM.

Recommendations:
Input Validation and Sanitization:
Strict Content Security Policies
regular security audit
Output Encoding : Encode user input when it is displayed in the HTML Output

What are the test cases u perform for XSS?

Inject scripts to steal cookies and verify if the application protects against such attempts.

Script Injection: Test for script injection by entering JavaScript code in input fields. Verify that the
application sanitizes and escapes user inputs to prevent script execution.

HTML Tag Injection: Attempt to inject HTML tags and verify how the application handles and
renders them.

Payloads in URLs: Inject XSS payloads into URL parameters and assess how the application
handles them. Test for reflected XSS by injecting payloads into URLs and checking if they are
immediately reflected in the response.

Unicode and Encoding: Attempt to bypass filters using Unicode characters and encoding.
Ensure that the application handles encoding and decoding consistently to prevent evasion.

Create new security header and add payload in that and try to exploit XSS

2nd Order SQL Injection :

Second order SQL Injection arries when user supplied data is stored by the application and later
incorporated into SQL queries

What is the SQL injection:

web security vulnerability that allows an attacker to interfere with the queries that an application
makes to its database.

Types of sql :
In-band SQLi (Classic),

Inferential SQLi (Blind)

Out-of-band SQL

In-band SQLi :
The attacker uses the same channel of communication to launch their attacks and to gather
their results

Error-based SQLi—the attacker performs actions that cause the database to produce error
messages. The attacker can potentially use the data provided by these error messages to
gather information about the structure of the database.

Union-based SQLi—this technique takes advantage of the UNION SQL operator, which fuses
multiple select statements generated by the database to get a single HTTP response.

Inferential (Blind) SQLi:

attacker sends data payloads to the server and observes the response and behavior of the
server to learn more about its structure

Boolean—that attacker sends a SQL query to the database prompting the application to return a
result. The result will vary depending on whether the query is true or false

Time-based—attacker sends a SQL query to the database, which makes the database wait (for
a period in seconds) before it can react. The attacker can see from the time the database takes
to respond, whether a query is true or false. Based on the result,

Out-of-band SQLi:
Out-of-band SQLi is performed when the attacker can’t use the same channel to launch the
attack and gather information, or when a server is too slow or unstable for these actions to be
performed.

Recommendationa:
Use Parameterized Statements (Prepared Statements):
Input Validation
Least Privilege Principle(Assign the minimum necessary permissions to database accounts
used by your application.)
Stored Procedures(Use stored procedures to encapsulate SQL logic on the database server.
This can help prevent attackers from injecting arbitrary SQL code.)
Web Application Firewalls (WAF)

;waitfor delay '0:0:5' -- (his part of the payload is attempting to introduce a delay of 5 seconds in
the execution of the SQL query. )

' or true-- ( or - This is the logical OR operator in SQL, it's used to inject a condition that is
always true, bypassing the original query's conditions. true -This is a boolean value
representing true in SQL. )

XEE:
its allow attacker to interact with the application processing xml data it often allows attacker to
view files on the application server filesystem an itecat with any backend
Impact
sensitive data explosure
DOS (Compromise the server)

recommendation:
disable extrenal entity processing
input validation and sanitization
whitelist allow xml structure(Allow specific xml structure and reject others)
Implement CSP

LFI: (Local file inclusion): LFI occurs when application includes local file on the server without
properly validating the input, it allow attacker to include and exicute arbitary local file.

Attacker can manupulate the input parameter to includes file that should be not accesable
Example of vulnerable code:
<?php
$page = $_GET['page'];
include($page . '.php');
?>
If the application does not properly validate and sanitize the $page parameter, an attacker could
provide malicious input to include arbitrary files.

Recommendation :
Input validation and sanitization
Use Whitelists(Maintain whitelists of allowed files or directories, )
disable Directory Listing (Turn off directory listing to prevent attackers from discovering the
structure of the file system)

RFI: (Remote file inclusion): RFI occurs when an application includes files from a remote server
without proper validation, allowing an attacker to execute code hosted on an external server.

Attackers may manipulate input parameters to include a file from a remote server, which could
contain malicious code.
<?php
$url = $_GET['url'];
include($url);
?>
If the application does not validate the $url parameter correctly, an attacker could provide a URL
pointing to a malicious script on an external server.

Recommendation:
Use Whitelists for Remote Resources
URL Validation(Validate and sanitize URLs before using them for remote inclusion to prevent
unauthorized access.)
Implement CSP
WAF

==============================================================
API

Owaps TOP 10 API

Broken object level authorisation
Broken authentication
Broken object property level authorisation
Unrestricted resource consumption
Broken function level authorisation
Unrestricted access to business flows
Security misconfiguration
SSRF
Improper inventory management
Unsafe consumption to APIs (Authorization:default credentials: lack of proper authorization
check, Insecure data transmission: not using HTTPS, )

What Test cases you perform during API Testing ?

1. Authentication Testing:
Verify thet the API require proper authentication for access
2. authorization tesing:
Ensuring that the API enforces proper authorization checks
3. input validation:
Test how API encodes the test data to prevent the XXS
4. Confirm that the API uses HTTPS for secure communication
5. verify that the SSL/TLS Configuration
6. verify that the JWT is properly configured

JWT TOKEN:
JWT stands for JSON Web Token. It is a compact, URL-safe means of representing claims to be
transferred between two parties. These claims are typically used to identify and authenticate a
user.
Header ; contains algorithms and type
Payload: contains unique identifiers
Signiture : certificates

API Types: Json, XML, Soap ,REST

Diff Between Soap Vs REST

SOAP is protocol , REST is an architectural style
All data pases in SOAP is in XML format, All data passes in rest like JSON , XML, Plain
text,HTML
data transfer is over HTTP, SMTP, FTP , data transfer over HTTP only

Broken object level authorisation:

In the API End points Broken object level authorisation can be identify by manipulating the ID of
an object that is send within the request
Unauthorized access can be result in the data disclosure to unauthorized parties, data loss and
also it can be lead to account takeover

Broken authentication:
Authentication we have to use the keys like tokens
Authentications method : HTTP Authentication like basic and barrier
API key and O auth

Broken function level authorization:

Authorization check are usually manage via configurations and also code level
If an attacker access the authorization system so he can be lead to disclousure of confidential
data, data tempering , compremising admin level accounts and privilleges

Mass assignment :
Mass assignment is computer vulnerabilty where and active records pattern in web application
is exploited to modify data items that the user is not authorized so the attcker can use the
methodology to update and overwrite the sensitive object or properties that devloper never
wanted to expossed

==============================================
OSI 7 layers :
Physical Layer
Data Link Layer
Network Layer
Transport Layer
Presentation Layer
Application Layer

Mobile Owaps
Improper credentials usage
Inadequate supply chain security
Insufficient authentication/authorisation
Insufficient input/output validation
Insecure communication
Inadequate privacy control
Insufficient binary protection
Security Misconfiguration
Insecure data storage
Insufficient cryptography

What Is the Approch for the mobile Application testing?

1. Authentication Bypass:
Attempt to bypass authentication mechanism by manipulating
request or exploiting to gain unauthorized access
2. Session management testing:
Test how the mobile application handles user sessions,
including login, logouts, and session timeout
3. Data Encryptoion:
intercept and analyze the network traffic to verify sensitive data is
transmited securly using encryption
check any weak encryption algoritham and configurations
4. input validation testing:
Sumbit various input, including special characters characters
to test how the application handles input validation

SSL pinning bypass using Freda

1. Capture the traffic then you will get the certificate error
2. install frida and frida tool like pip install frida & pip install frida tool
3. Download the frida injection scripts
4. for connecting device use abd commands : (ip of device: port)
5. Find the arch version of device (adb shell getprop [Link])
6. push frida server into device (adb push <path of frida-server folder> <space>
</data/local/temp>)
7. Give permissions to frida server (adb shell chmod 777/data/local/tmp/frida-server)
8. pushing the proxy CA certificate
9. check and run frida server in device
10. hook the targeted application with script {frida -U -I <patha_to_frida-ssl-2.js_on_your_PC>
--no-paus-f<your_app_package_name>}

abd: use to communicate with the androide device

shell: invokes remoteshell on the androide device
getprop: retrive system property from the device
[Link] : provide the info about the CPU architecture of the device

SSL pinning bypass using objection

1. Capture the traffic then you will get the certificate error
2. install frida and frida tool like python -m pip install frida & python -m pip install frida tool and
python -m pip install objection
3. Download the frida injection scripts
4. for connecting device use abd commands : (ip of device: port)
5. Find the arch version of device (adb shell getprop [Link])
6. push frida server into device (adb push <path of frida-server folder> <space>
</data/local/temp>)
7. Give permissions to frida server (adb shell chmod 777/data/local/tmp/frida-server)
8. pushing the proxy CA certificate
9. check and run frida server in device
10. hook application by using objection --gadget <app package name> explore

Static What you will check in mobile Application testing

I'll cheked with the SSL pinning Bypass, root detection check and bypass, APK Signiture
validation etc

Root detection bypass :

1. First try to install and use app on rooted device if it is implemented it will not work
2. decomplie the application by using APK tool or JADX
3. find the source code related to root detection
4. modify and remove code from curresponding smali files
5. compile the modified application code using APK tool it will generate new APK under the disk
folder
6. use command package b <app_package>
7. Using the modified application apk using APK signiture utility
8 install modified APK in rooted device.

What is the manifest files in the androide device :

It is located in the root directory of an androide apps and it contains the information about the
app's package, name components , activity, services, permission.

Root detection :
security feature to identify whether the restrictions imposed by manufacturers of Android
devices have been bypassed.
Impact
if its runnung so that we can able to see the internal files
recommendation
we have to set the root detction to desable

========================================================================
=============
OS : Windows 2012/2019 , RHEL
Web server : IIS , Apache HTTP server
App Server : IIS , Apache tomcate
DB server: Oracle, Mysql , MSsql
Routers : Cisco
switches : nexus
firewall: Vmware, Palo alto

OS Windows :
1. Windows NTP Client Set to Enable
Enabling the windows NTP Client Allow your computer to synchronize its computer clock with
other NTP Server
2. Set Interactive logon (Ctr+Alt+dlt) to disable:
This policy setting determines whether user must press Ctr+Alt+dlt before they log on.

RHEL :
1. Enable TLS 1.2 and above
Strong protocol provide the massage communicate between client and server must be encryptrd
2. NTP Client Set to Enable
Enabling the windows NTP Client Allow your computer to synchronize its computer clock with
other NTP Server

web Server / App server :

IIS :
1. Globle authorization rule is set to restric access:
IIS introduce URL Authorization, Which allows the addition of authorization rule to actual URL
2. Ensure Cookie are set to HttpOnly attribute

DB Server: Oracle:
1. Default databse user:
unauthorized user account can exist in the oracle database
2. presence of dormant account:
Dormant account that have not been used for a long period should be locked and later removed
if not required

Cache control attribute/ value : Max age=<seconds>, No store, no cache

CVSS : Common Vulnerability Scoring System

CWES :
CVE : common vulnerabilities and exposures

CORS: Its implemented by we browser to control how web pages hosted on one domain can
request and interact with resources from another domain
Secure : if set to true cookie will only will send over HTTPS connection
HttpOnly : will not send cookie via javascript
Path set to root: In the domain we use cookies for each request

==================================================================
What is the differences between encryption hash and encoding?
Encryption:
Purpose: Concealing data for confidentiality.
Process: Converts data into a different format using a key, making it unreadable without the
corresponding decryption key.

Hashing:
Purpose: Creating a fixed-size hash value for data integrity.
Process: Irreversibly transforms data into a fixed-length hash, typically a digest.

Encoding:
Purpose: Representing data in a different format for processing or data storage.
Process: Transforms data into a different encoding scheme, ensuring readability without
secrecy.

Source Code :

1. SQL:

query (Input parameter) present

we have to check prepare statement of the input parameter

2. XSS

Fetch(parameter)
println(parameter) possible to xss

we have to recommend that input validation, Properly CSP Configured if unsafe unline / unsafe
eval is present so xss will happen

3. CSRF
[Link] ()
must be present Anti CSRF Token
i will ask AO to were is the token is present
if it is not than i will check same origin policy / cors in Appsec
if the API is used than ill check the token based authentication

4. poor error handling

catch exaption ( ) Empty catch exeption
empty nahi rehna chahiye it must be same value
kuch bhi through kare to front end pe nahi karna cahhiye
used [Link] / [Link]

5. file upload

if input field is present then chack file size , file extension , content
if its from bakend then it will be safe

6. DOS:
readline([Link])
for they have to add some limit like (i=o, i<= 10, i++)

buffer reader(add buffer capacity)

7. Encryption : AES 256 ( Advanced Encryption Standard)

Hash: SHA 256

Wireshark: t is used for network troubleshooting, analysis, software and communications

protocol development

Process Monitoring: The tool monitors and displays in real-time all file system activity on a
Microsoft Windows or Unix-like

SonarQube: code quality to perform automatic review

Basic scan - nmap target_ip

agress scan with OS detection and service version detection : nmap -A target_ip
scan specific port: nmap -p 80,443 target_ip
sacn range of ip's: nmap [Link]-50
scan all port : nmap -p-target_ip
scan UDP : namp -sU target_ip
detect firwall rules : nmap -sA target_ip
What is the approch for the network PT when you get the IP address:
gather information about the target network using took like Nmap
conduct comprehensive network scan to identify like hosts,open port and services running on
those ports
Identify and gether information about the services running on open ports this may includes the
version number, configurations
utilise vulnerability scanning tool like nessus

How Nmap works?

Nmap, short for Network Mapper, is a powerful and widely used open-source network scanning
tool.

Host Discovery: Nmap starts by sending ICMP (Internet Control Message Protocol) Echo
Requests (ping) to the target hosts to determine which hosts are online and responsive.

Port Scanning:Once the live hosts are identified, Nmap performs port scanning to determine
which ports on each host are open and what services are running on those ports.

TCP Connect Scan: Actively opens a connection to each port to check if it's open.

SYN Scan (Half-open Scan): Sends a SYN packet to the target and analyzes the response to
determine if the port is open or closed.

UDP Scan: Checks for open UDP ports.

Nmap tries to determine the operating system of the target by analyzing various network
characteristics

NMap:
Basic scan : nmap [target]
nmap -sV [target]
nmap -O [target]
nmap -A [target]
Port Range Scan:
nmap -p 1-100 [target]
Fast Scan:
nmap -F [target]
Script Scanning:
nmap --script [script] [target]
UDP Scan:
nmap -sU [target]
Ping Scan:
nmap -sn [target]

Output to File:
nmap -oN [Link] [target]

Port Numbers
HTTP (Hypertext Transfer Protocol):
Default Port: 80

HTTPS (Hypertext Transfer Protocol Secure):

Default Port: 443

FTP (File Transfer Protocol):

Control Port: 21

Data Port: 20

SSH (Secure Shell):

Default Port: 22

Telnet:
Default Port: 23

SMTP (Simple Mail Transfer Protocol):

Default Port: 25

DNS (Domain Name System):

Default Port: 53

DHCP (Dynamic Host Configuration Protocol):

Default Ports: 67 (UDP) and 68 (UDP)

POP3 (Post Office Protocol 3):

Default Port: 110

IMAP (Internet Message Access Protocol):

Default Port: 143

HTTPS (Secure Version of IMAP):

Default Port: 993

LDAP (Lightweight Directory Access Protocol):

Default Port: 389

SNMP (Simple Network Management Protocol):

Default Ports: 161 (UDP) and 162 (UDP)

NTP (Network Time Protocol):

Default Port: 123 (UDP)

HTTP Proxy:
Default Port: 8080

HTTPS (Secure Version of LDAP):

Default Port: 636

MySQL Database:
Default Port: 3306

Oracle Database:
Default Port: 1521

RDP (Remote Desktop Protocol):

Default Port: 3389

VNC (Virtual Network Computing):

Default Port: 5900