Request forgeries (CSRF, XSRF, SSRF)
In 2020, CheckPoint Research announced multiple vulnerabilities in the popular social media application named TikTok. One of the found vulnerabilities allowed an attacker to delete…
Category: Application Security
Content and resources related to Application Security (AppSec)
Directory / Path Traversal
Just like you have directories on your PC, laptop, and mobile phones, web servers also have directories. For example, if you were to purchase web…
Static Application Security Testing (SAST)
What if you could take multiple senior developers and security experts, distill them into a tool, and then have the ability to run that tool…
Proxy Servers
Proxy servers are a topic that you can expect to get quizzed on in the CompTIA Security+ exam. To make sure you can answer questions…
AWS WAF Made Simple: Protect Your Web Apps In The Cloud
AWS built its own Web Application Firewall and named the service AWS WAF, and we’re going to take a detailed look at how we can…
What are SQL Injections? // Explained in 180 seconds
Whenever you visit a website or use some kind of application, that website or app needs to pull data from a database. For example, let’s…
What is HashiCorp Vault and why should you know about it?
Vault is an open-source secrets management tool used to automate access to secrets, data, and systems. This blog post comes from our Explained in 180…
Hashing use cases
In practice, what is hashing used for? How is it being used in the real world? Let’s take a look at a few common hashing…
Hash Tables, Rainbow Table Attacks, and Salts
As we talked about, applications that properly handle passwords don’t actually store the passwords themselves in databases, but instead, store hashes of passwords. That’s why…
Encrypted versus hashed passwords. What’s the difference?
As you study for the CompTIA Security+ exam, it’s important that you understand the differences between plaintext, encrypted, and hashed passwords. It’s common to hear…