Overview: Security misconfigurations are security controls that are inaccurately configured orleft insecure, putting your systems and data at risk such as any poorly documentedconfiguration changes, or a technical issue across any component in your endpoints and default settings. We can detect security misconfigurations in web applications using following test cases: 1) EXPOSED FILES AND DIRECTORIES:…
The SSRF error occurs whenever the web application fetches a remote resource without validating the user-supplied URL. It allows an attacker to force an application to send a specially crafted request to an unwanted destination, even when protected by a firewall, VPN, or network access control list (ACL) type. As modern web applications provide end…
What is Blind SQL Injection? The word “Blind” here refers to “No error message when suffered by an injection attack”. Thus, it is more difficult to exploit. It returns information, when the application is exploited with SQL payloads that return a ‘true or false’ response from the server. By observing the response, an attacker can…
Mobile Application Security When we were an agrarian nation, all cars were trucks, because that’s what you needed on the farm. But as vehicles started to be used in the urban centers, cars got more popular … PCs are going to be like trucks. Less people are gonna need them and this is going to…
Hi Readers, I sat to pen down regarding SQL Injection. Being the topmost finding in OWASP’s top 10, the definition and description of SQL Injection and many exercises for hands-on are available online, one being PORT SWIGGGER LABS. I’ve come across SQL injection in a RUBY ON RAILS code which made me share few points regarding…
What is DOM? DOM XSS stands for Document Object Model-based Cross-site Scripting. A DOM-based XSS attack is possible when the web application writes data to the DOM without proper sanitization. Its interface gives developers the ability to access the web application and manipulate it by executing operations. The attacker can manipulate the data to include XSS…
What is CSRF ? Cross-site request forgery (CSRF) is a common web security vulnerability. It’s also known as XSRF, Sea surf, session riding, Cross-site reference forgery, and Hostile linking. The Successful CSRF vulnerability can have serious consequences that the Open Web Application Security Project (OWASP-2013) has included it in its top 10 vulnerabilities list. CSRF attack…
What is XXE? XXE stands for XML EXTERNAL ENTITY. Before learning about XXE let’s dive in to know about how the HTML document types are defined and what is DTD. What is DTD? DTD is nothing but the abbreviated form of Document Type Definition which defines the structure and the attributes of an XML document….
In Present days, container-based microservice architectures have drastically changed the way development and operations teams (DevOps) work, test and deploy applications. Containers help organizations to scale and deploy applications on the fly, but containers have also brought the organizations new additional challenges and complexity. Many businesses are now deploying lots of containers daily as it…
DevSecOps is a culture shift in the IT industry that aims to Integrate Security into the rapid software release cycles that are very significant in modern application development and deployment, also known as DevOps. Embracing this shift-left methodology requires organizations to bridge the gap that exists between Developers and Security Analysts to the point where…