Request forgeries (CSRF, XSRF, SSRF)
In 2020, CheckPoint Research announced multiple vulnerabilities in the popular social media application named TikTok. One of the found vulnerabilities allowed an attacker to delete…
Tag: Web Security
Static Application Security Testing (SAST)
What if you could take multiple senior developers and security experts, distill them into a tool, and then have the ability to run that tool…
Proxy Servers
Proxy servers are a topic that you can expect to get quizzed on in the CompTIA Security+ exam. To make sure you can answer questions…
What is HashiCorp Vault and why should you know about it?
Vault is an open-source secrets management tool used to automate access to secrets, data, and systems. This blog post comes from our Explained in 180…
How a pentester struggled with bug bounties until this new mindset helped him breakthrough
"It was a long, arduous, journey to finding my first bug." Then one day, Hakluke attended a talk by @shubs that changed his mindset about how to appro…
What is Cross-Site Scripting (XSS)?
According to both OWASP and CWE, Cross-Site Scripting is one of the top 10 most dangerous web application security risks, and for good reason: OWASP’s…
4 steps to getting started securing applications
A lot of times, especially when you join smaller organizations, there are no (or very few) formal processes in place. The approach taken to secure…
What are SQL Injections (SQLi)? Introduction to powerful techniques
We’ve talked about what SQL is, but now, let’s talk about one of the most common and dangerous web-based attacks: SQL injections (aka SQLi). In…
What is Information Leakage, and how do you prevent it?
One of the most commonly found flaws in web applications and mobile applications is information leakage. But what is information leakage, why is it a…
Simple Guide to Checking for WordPress Vulnerabilities
It should come as no surprise that WordPress has a massive target on its back given how popular a platform it has become. To add…