Secure Software Development Lifecycle (SDLC) ...
Since the threat landscape in the software development ecosystem is ever-evolving, we need to reconsider the security controls used throughout the software development and delivery…
Read More
Learning About Web Application Firewall (WAF) Secu ...
Introduction A web application firewall (WAF) is a security solution that provides rule sets to help defend any internet application against attack. Unwanted HTTP traffic…
Read More
Intro to GraphQL – Attack Scenarios ...
Introduction GraphQL is one of the commonly used open-source manipulation and data query language for APIs, and runtime for implementing queries for preexisting data. It…
Read More
Mitigating Cross-Site Request Forgery (CSRF) Attac ...
What is Cross-Site Request Forgery (CSRF)? Cross-Site Request Forgery (CSRF) is a widely known web security vulnerability that enables a malicious user to induce another…
Read More
WEB CACHE DECEPTION ...
Introduction: A security researcher, Mr. Omer Gil initially proposed Web cache deception attack in 2017. This attack takes advantage of the caching functionality in the…
Read More
Insecure Direct Object Reference (IDOR) ...
What is an Insecure Direct Object Reference (IDOR) Risk? IDOR stands for Insecure Direct Object Reference occurring when an application displays an indication of an…
Read More
“OAuth” Related Vulnerabilities ...
What is OAuth? OAuth is a mechanism that is used by many companies like Amazon, Google, Microsoft, etc., which allows the user to view or…
Read More
Sweet32 Birthday Attack Approach ...
In this blog, we are going to understand one of the TLS/SSL attacks i.e., Sweet32 Birthday Attack. Mostly Sweet32 birthday attack is found in networks…
Read More
SECOND ORDER SQL INJECTION ATTACK ...
Second Order SQL Injection: Second Order SQL Injections are those which are not widely discussed. Important to know that these cannot be detected by tools…
Read More
Server-Side Template Injection Vulnerability & ...
In this blog, we are going to discuss on Server-Side Template Injection (SSTI) vulnerability and its exploitation. Before directly getting into the details of SSTI…
Read More