Ctrl + Alt + Security

blind sql injection

How to Blind SQL Injection?

What is Blind SQL Injection? The word “Blind” here means that the application returns no error message when it is hit by an injection attack, which makes it more difficult to exploit. Information is still leaked when the application is sent SQL payloads that produce a ‘true or false’ response from the server. By observing the response, an attacker can…

mobile application security

Are your Apps Secure? An End to End Guide for Mobile Application Security

Mobile Application Security: When we were an agrarian nation, all cars were trucks, because that’s what you needed on the farm. But as vehicles started to be used in the urban centers, cars got more popular … PCs are going to be like trucks. Fewer people are gonna need them and this is going to…


Ruby Based SQL Injection

Hi Readers, I sat down to write about SQL Injection. Being the topmost finding in OWASP’s Top 10, the definition and description of SQL Injection and many hands-on exercises are available online, one being PortSwigger Labs. I’ve come across SQL injection in Ruby on Rails code, which made me want to share a few points regarding…

dom xss

A Beginner Guide to DOM Based XSS

What is DOM? DOM XSS stands for Document Object Model-based Cross-site Scripting. A DOM-based XSS attack is possible when the web application writes data to the DOM without proper sanitization. The DOM interface lets developers access the web page and manipulate it by executing operations on it. An attacker can manipulate that data to include XSS…

csrf attack

A Tale of Cross Site Request Forgery (CSRF)

What is CSRF? Cross-site request forgery (CSRF) is a common web security vulnerability. It’s also known as XSRF, Sea surf, session riding, Cross-site reference forgery, and Hostile linking. A successful CSRF attack can have such serious consequences that the Open Web Application Security Project (OWASP-2013) included it in its top 10 vulnerabilities list. CSRF attack…

XXE Attack

What are XXE(XML External Entity) Attacks?

What is XXE? XXE stands for XML External Entity. Before learning about XXE, let’s first look at how HTML document types are defined and what a DTD is. What is DTD? DTD is simply the abbreviated form of Document Type Definition, which defines the structure and the attributes of an XML document.…


Kubernetes is Here & There

These days, container-based microservice architectures have drastically changed the way development and operations teams (DevOps) work, test and deploy applications. Containers help organizations scale and deploy applications on the fly, but they have also brought organizations new challenges and complexity. Many businesses now deploy lots of containers daily, as it…

DevSecOps Pipeline

DevSecOps is a culture shift in the IT industry that aims to integrate security into the rapid software release cycles that are so significant in modern application development and deployment, also known as DevOps. Embracing this shift-left methodology requires organizations to bridge the gap that exists between developers and security analysts to the point where…

Forgot Password Vulnerability leads to Account Takeover

Hello all, recently I found a “Forgot Password – Account Takeover” vulnerability in a famous mobile application (the vulnerability is now fixed). Although this might not be a new finding or any miracle attack, I just wanted to share it because I wanted to show how badly the forgot password functionality was…


Best Open Source Mobile Application Security Scanners

Below are some of the best open source mobile application security scanners: OWASP Zed Attack Proxy (ZAP): OWASP ZAP is one of the world’s most popular mobile app security testing tools; it is free to use and is actively maintained by hundreds of volunteers worldwide. OWASP ZAP helps find security vulnerabilities in applications automatically during the…