This blog focuses on two important things: the HTTP parameter pollution attack and mass assignment vulnerability. It helps developers to understand the risks that web apps can face and how to make them safer. The blog talks a lot about […]
The Open Web Application Security Project (OWASP) is an online community that was established on September 9, 2001, by Mark Curphey, a cybersecurity expert, with the objective of mitigating cyber attacks. OWASP has developed a list of the top 10 […]
Cybersecurity is a common term for every business, but how seriously is it taken? Small businesses often have no budget set aside for cybersecurity, which means no security team or vendors. It’s a misconception that small businesses go unnoticed by […]
Mobile app usage has only grown in recent years. But as they say, “With great powers, comes great responsibilities.” And so it is for mobile apps. They can bestow tremendous benefits to any […]
A penetration test is a simulated cyberattack against an enterprise’s IT system to identify vulnerabilities that are exploitable which can result in a data breach and financial loss to the organization. Penetration Testing helps the organization and IT leaders identify […]
A contact form for customer inquiries is one of the most common features on company websites. It provides an easy way for prospective customers to get in touch with the company. WordPress plugins are available that […]
As part of the Application Security Assessment, we have come across the vulnerability Server Side Request Forgery (SSRF) using HTML Injection, via PDF and image generator. As the vulnerability name suggests, an adversary forces a vulnerable web server to access […]
During a web application penetration project, our team exploited a simple bug that can turn into remote code execution on the main server. Recently our team escalated a straightforward template injection to a Remote Code Execution and compromised […]
Developers pay great attention to the design of software products, trying to make them as convenient as possible. But what about the security of the data that users entrust to the manufacturers of these applications? How can one learn and […]
Secure code review is a process performed manually as well as automatically that identifies security blemishes in an application’s source code. The ultimate aim of this review is to point out any existing security imperfections or open area weaknesses. Application’s […]