WebSocket Vulnerabilities
This blog is about different types of WebSocket Vulnerabilities/Findings. So, we will be discussing different types of flaws that may exist in WebSockets. WebSockets are…
Mass Assignment Vulnerability
Before getting into the Mass Assignment vulnerability, let us know what exactly mass assignment is and where it is used. It refers to the assignment…
Secure Software Development Lifecycle (SDLC)
Since the threat landscape in the software development ecosystem is ever-evolving, we need to reconsider the security controls used throughout the software development and delivery…
Learning About Web Application Firewall (WAF) Security
Introduction of Web Application Firewall (WAF) Security A web application firewall (WAF) is a security solution that provides rule sets to help defend any internet…
Intro to GraphQL – Attack Scenarios
Introduction GraphQL is one of the commonly used open-source manipulation and data query language for APIs, and runtime for implementing queries for preexisting data. It…
Mitigating Cross-Site Request Forgery (CSRF) Attacks
What is Cross-Site Request Forgery (CSRF)? Cross-Site Request Forgery (CSRF) is a widely known web security vulnerability that enables a malicious user to induce another…
WEB CACHE DECEPTION
Introduction: A security researcher, Mr. Omer Gil initially proposed Web cache deception attack in 2017. This attack takes advantage of the caching functionality in the…
Insecure Direct Object Reference (IDOR)
What is an Insecure Direct Object Reference (IDOR) Risk? IDOR stands for Insecure Direct Object Reference occurring when an application displays an indication of an…
“OAuth” Related Vulnerabilities
What is OAuth? OAuth is a mechanism that is used by many companies like Amazon, Google, Microsoft, etc., which allows the user to view or…
Sweet32 Birthday Attack Approach
In this blog, we are going to understand one of the TLS/SSL attacks i.e., Sweet32 Birthday Attack Approach. Mostly Sweet32 birthday attack is found in…