Category: Penetration Testing

Ctrl + Alt + Security

blind sql injection

How to Blind SQL Injection?

What is Blind SQL Injection? The word “Blind” here refers to “No error message when suffered by an injection attack”. Thus, it is more difficult to exploit. It returns information, when the application is exploited with SQL payloads that return a ‘true or false’ response from the server. By observing the response, an attacker can…
Read more

mobile application security

Are your Apps Secure? An End to End Guide for Mobile Application Security

Mobile Application Security When we were an agrarian nation, all cars were trucks, because that’s what you needed on the farm. But as vehicles started to be used in the urban centers, cars got more popular … PCs are going to be like trucks. Less people are gonna need them and this is going to…
Read more

rubysqli

Ruby Based SQL Injection

Hi Readers, I sat to pen down regarding SQL Injection. Being the topmost finding in OWASP’s top 10, the definition and description of SQL Injection and many exercises for hands-on are available online, one being PORT SWIGGGER LABS. I’ve come across SQL injection in a RUBY ON RAILS code which made me share few points regarding…
Read more

dom xss

A Beginner Guide to DOM Based XSS

What is DOM? DOM XSS stands for Document Object Model-based Cross-site Scripting. A DOM-based XSS attack is possible when the web application writes data to the DOM without proper sanitization. Its interface gives developers the ability to access the web application and manipulate it by executing operations. The attacker can manipulate the data to include XSS…
Read more

crsf attack

A Tale of Cross Site Request Forgery (CSRF)

What is CSRF ? Cross-site request forgery (CSRF) is a common web security vulnerability. It’s also known as XSRF, Sea surf, session riding, Cross-site reference forgery, and Hostile linking. The Successful CSRF vulnerability can have serious consequences that the Open Web Application Security Project (OWASP-2013) has included it in its top 10 vulnerabilities list. CSRF attack…
Read more

XXE Attack

What are XXE(XML External Entity) Attacks?

What is XXE? XXE stands for XML EXTERNAL ENTITY. Before learning about XXE let’s dive in to know about how the HTML document types are defined and what is DTD. What is DTD? DTD is nothing but the abbreviated form of Document Type Definition which defines the structure and the attributes of an XML document.…
Read more

kubernetes

Kubernetes is Here & There

In Present days, container-based microservice architectures have drastically changed the way development and operations teams (DevOps) work, test and deploy applications. Containers help organizations to scale and deploy applications on the fly, but containers have also brought the organizations new additional challenges and complexity. Many businesses are now deploying lots of containers daily as it…
Read more

Top Myths in Cyber Security

Myth Reality   Strong passwords are all you need 2FA is the key, strong password enforcement is just a start Antivirus software is enough To be truly protected, you need a total solution that encompasses everything from awareness to insider threat detection and disaster protection or recovery Cyber Security threats come from the outside These…
Read more

Pentesting Methods & Methodology

Secure Code Review Vulnerability Assessment Penetration Testing Secure Code Review Pure Play White box Security testing Manual Source code review with automated code scanning using Industry recognized tools Finds vulnerabilities earlier in the SDLC Less expensive to fix security vulnerabilities Covers the latest technologies/programming languages used by developers Vulnerability Assessment Pure Play Black Box Security…
Read more