NoSQL Injection Vulnerability
In this blog, we will be discussing the NoSQL Injection Vulnerability and its exploitation scenarios. Before getting into the details of NoSQL injections, let us…
Second Order SQL Injection Attack
Second Order SQL Injection Attack: Second order SQL injection attacks are not widely discussed. It is important to know that these cannot be detected…
Open Redirect
What is Open Redirect? An open redirect is a security flaw in an application or a web page that causes URLs to fail to authenticate…
CRLF Injection
Before going into details on what and how to find and perform CRLF injection, and what measures one should take from this to…
HTTP Parameter Pollution
Parameters enable pages to load data from the back-end, e.g., an ID or a search query. They make websites more interactive with the back-end as well as…
Web Cache Poisoning – Through Host Header Injection
Web cache poisoning is an advanced hacking technique through which an attacker can exploit the pattern or behavior of a web cache and server. But…
Apache Struts-2 Exploited to Remote Code Execution
This blog is to describe my finding on a web-based application, which is a very well-known vulnerability found in Apache Struts-2: Remote Code Execution (RCE)…
Vulnerabilities Related to SAML [Security Assertion Markup Language] – Part 1
In this blog, we are going to discuss what SAML (Security Assertion Markup Language) is and how it works, as well as we…
Microsoft Zero Day – VCard Vulnerability
In this blog we are going to discuss the Microsoft Zero Day – VCard Vulnerability for the Windows operating system. Introduction Microsoft Zero Day – VCard…
Advisory | Microsoft Zero Day – Windows Task Scheduler Local Privilege Escalation Vulnerability
Introduction to Microsoft Zero Day Vulnerability: A previously unknown zero-day vulnerability has been disclosed in Microsoft's Windows operating system that could help a…