Want to get started in Cybersecurity but still confused about where to start? What role suits your interest and skill? What team to join in Cyber Security? What are the available Career options?
The image below, from ServiceNow, clearly depicts the notion of various teams and how they collectively work toward a single goal: securing the organization.
The Security Team comprises various levels, predefined standards, in-scope items, and rules to ease the functioning, which could vary from organization to organization. …
This post explains the nitty-gritty of Insecure Deserialization vulnerabilities. We will be covering basic understanding and identification. Insecure Deserialization sits in the 8th spot in the OWASP Top 10 Vulnerabilities 2017. It is said to be the most difficult vulnerability to understand in the OWASP Top 10.
Insecure Deserialization was also a common question that I came across frequently in my interviews for InfoSec profiles. There’s definitely hype around this vulnerability, and if you are appearing for an interview in InfoSec, keep this on your must-know list. So, now let’s get started.
Simple Words: The application deserializes untrusted data without sufficiently verifying…
Let’s get started with XSS, in order to get to those critical bugs: CSRF, SSRF, RCE. Most of the time, an XSS flaw is the cause of a vulnerability that is exploited and escalated to a critical finding.
First and foremost, the structure: we will start by learning the basics of XSS; then the thing you should know, how a browser and a website function; later the types of XSS, understanding the impactful ones; and lastly XSS in bug hunting.
I know you know. But do you know what you don’t know? XSS is a Cross-Site Scripting attack, a very basic one…
In this article, we will be learning how to escalate attacks when we are stuck with Error Based SQL Injections. Before diving in, let’s quickly grasp the basics of Error-based SQLi.
An error-based SQL injection attack is an in-band injection technique where we utilize the error output from the database to manipulate the data inside the database.
In in-band injection, the attacker uses the same communication channel for both the attack and data retrieval. You can force data extraction by using a vulnerability in which the code outputs a SQL error rather than the required data from the server. …
In this article, we will start by identifying SQL injection vulnerabilities and how to exploit the vulnerable application. Further, we will dive into the automated tool Sqlmap, which eases the attack escalation.
Let’s start from the basics:
A SQL injection attack consists of the “insertion/injection” of a SQL query via the input data from the client to the application. …
In this article, we’ll be discussing how to perform Directory Traversal or Path Traversal attacks, aka “dot-dot-slash”, “directory climbing” and “backtracking”.
In Simple Words: Path traversal vulnerabilities arise when the application uses user-controllable data to access files and directories on the application server or another backend filesystem in an unsafe way.
By submitting crafted input, an attacker may be able to cause arbitrary content to be read from, or written to, anywhere on the filesystem being accessed, read sensitive information from the server, or overwrite sensitive files, ultimately leading to arbitrary command execution on the server.
In Technical Words: A…
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unintended actions on a web application in which they are currently authenticated. With a little social engineering, an attacker may force the users of a web application to execute actions of the attacker’s choosing.
Cross-site request forgery (or CSRF) allows an attacker to induce a victim user to perform actions that they do not intend to.
CSRF relies on an authenticated session, if a victim is logged into…
The purpose of the HTTP Host header is to help identify which back-end component the client wants to communicate with. Several misconfigurations and flawed business logic can expose websites to a variety of attacks via the HTTP Host header. Before diving in, let’s understand some basic terminology.
HTTP headers let the client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:), then by its value.
The Host request header is the mandatory header (as per HTTP/1.1) that …
Command Injection, or OS Command Injection, is a category of injection vulnerabilities where an attacker is able to exploit unsanitized user input to run OS commands on the server.
Code Injection: allows the attacker to add their own code that is then executed by the application.
Command Injection: the attacker extends the default functionality of the application, which executes system commands, without injecting code.
Command injection is an attack in which the goal is the execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes…
Server-side request forgery, or SSRF, is a vulnerability that allows an attacker to use a vulnerable server to make HTTP requests on the attacker’s behalf. This is similar to CSRF, as both vulnerabilities perform HTTP requests without the victim acknowledging them.
With SSRF: the victim would be the vulnerable server.
With CSRF: the victim would be a user’s browser.
As per OWASP, in the SSRF Prevention Cheat Sheet: