Want to get started in Cybersecurity but still confused about where to start? Which role suits your interests and skills? Which team should you join in Cyber Security? What career options are available?

The image below, from ServiceNow, clearly depicts the various teams and how they work together toward a single goal: securing the organization.


The Security Team comprises various levels, predefined standards, in-scope items, and rules that ease its functioning; these can vary from organization to organization. …

This post explains the nitty-gritty of Insecure Deserialization vulnerabilities. We will cover a basic understanding of the issue and how to identify it. Insecure Deserialization sits at the 8th spot in the OWASP Top 10 Vulnerabilities 2017 and is said to be the most difficult vulnerability in the OWASP Top 10 to understand.

Insecure Deserialization was also a question I came across frequently in my interviews for InfoSec profiles. There’s definitely hype around this vulnerability, and if you are appearing for an InfoSec interview, keep it on your must-know list. So, now let’s get started.

What’s the root cause behind the Vulnerability?

Simple Words: The application deserializes untrusted data without sufficiently verifying

Let’s get started with XSS, the route to those critical bugs: CSRF, SSRF, RCE. Most of the time, an XSS flaw is the root of a vulnerability that is then exploited and escalated to a critical finding.

First and foremost, the structure: we start with the basics of XSS; then what you should know about how a browser and a website function; then the types of XSS and which ones are impactful; and lastly, XSS in bug hunting.

What is XSS?

I know you know. But do you know what you don’t know? XSS is a Cross-Site Scripting attack, a very basic one…

In this article, we will learn how to escalate attacks when we are stuck with Error-Based SQL Injection. Before diving in, let’s quickly grasp the basics of Error-Based SQLi.

What is an Error-Based SQL Injection Attack?

Error-based SQL injection is an in-band injection technique in which we use the error output from the database to manipulate the data inside the database.

In in-band injection, the attacker uses the same communication channel for both the attack and the data retrieval. Data extraction can be forced through a vulnerability in which the code outputs a SQL error rather than the data requested from the server. …

In this article, we start by identifying SQL Injection vulnerabilities and exploiting the vulnerable application. We then dive into the automated tool Sqlmap, which eases the attack escalation.

Let’s start from the basics:

What is SQL Injection?

A SQL injection attack consists of the “insertion/injection” of a SQL query via the input data from the client to the application. …

In this article, we’ll discuss how to perform Directory Traversal or Path Traversal attacks, aka “dot-dot-slash”, “directory climbing” and “backtracking”.

What is Path Traversal Vulnerability?

In Simple Words: Path traversal vulnerabilities arise when the application uses user-controllable data to access files and directories on the application server or another backend filesystem in an unsafe way.

By submitting crafted input, an attacker may be able to cause arbitrary content to be read from, or written to, anywhere on the filesystem being accessed, read sensitive information from the server, or overwrite sensitive files, ultimately leading to arbitrary command execution on the server.

In Technical Words: A…

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unintended actions on a web application in which they are currently authenticated. With a little social engineering, an attacker may force the users of a web application to execute actions of the attacker’s choosing.

Cross-site scripting (or XSS) allows an attacker to execute arbitrary JavaScript within the browser of a victim user.

Cross-site request forgery (or CSRF) allows an attacker to induce a victim user to perform actions that they do not intend to.

Session Riding: OWASP Testing Guide

CSRF relies on an authenticated session, if a victim is logged into…

The purpose of the HTTP Host header is to help identify which back-end component the client wants to communicate with. Several misconfigurations and flawed business logic can expose websites to a variety of attacks via the HTTP Host header. Before diving in, let’s understand some basic terminology.

What is an HTTP Header?

HTTP headers let the client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:), then by its value.

What is a Host Header?

The Host request header is the mandatory header (as per HTTP/1.1) that …

Command Injection, or OS Command Injection, is a category of injection vulnerabilities in which an attacker is able to exploit unsanitized user input to run OS commands on the server.

Code Injection: allows the attacker to add their own code that is then executed by the application.

Command Injection: the attacker extends the default functionality of the application, which executes system commands, without injecting code.

What actually is a Command Injection attack, according to OWASP?

Command injection is an attack in which the goal is the execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes…

Server-side request forgery, or SSRF, is a vulnerability that allows an attacker to use a vulnerable server to make HTTP requests on the attacker’s behalf. This is similar to CSRF, as both vulnerabilities cause HTTP requests to be made without the victim’s knowledge.

With SSRF: the victim would be the vulnerable server.

With CSRF: the victim would be a user’s browser.

OWASP: overview of a common SSRF flow

As stated by OWASP in the SSRF Prevention Cheat Sheet:

  • SSRF is not limited to the HTTP protocol, despite the fact that in general the first request leverages it, yet the second request is performed by the application itself, and thus it…


Cyber Security Analyst | CEH | Twitter- @goswamiijaya, Instagram-@goswamiijaya, LinkedIn- @jayagoswami
