search
Follow Topic rss_feed

Regex is everywhere on the Internet nowadays. Downing Servers With Evil Regular Expressions. But can regex also lead to vulnerabilities? Today, let’s explore how attackers can exploit poorly…

Bharat Dwarkani shared on Mar 12, 2020
image
link.medium.com
bookmarks
share
visibility10
visibility10 share bookmarks

As a company grows, it becomes increasingly difficult to secure the hundreds and thousands of machines on the network. Often, all an attacker needs to compromise a network is a single bug on a public-facing machine! Today, we will talk about a common vulnerability on the network perimeter…

Bharat Dwarkani shared on Mar 12, 2020
image
link.medium.com
bookmarks
share
visibility4
visibility4 share bookmarks

31-days-of-API-Security-Tips

Bharat Dwarkani shared on Feb 05, 2020
image
github.com
bookmarks
share
visibility10
visibility10 share bookmarks

Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty

Bharat Dwarkani shared on Feb 05, 2020
image
medium.com
bookmarks
share
visibility8
visibility8 share bookmarks

Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.

Bharat Dwarkani shared on Jan 29, 2020
image
owasp.org
bookmarks
share
visibility7
visibility7 share bookmarks

innerHTML is a JavaScript tag whos property is used for DOM manipulation. More specifically, it "sets or returns the HTML content (the inner HTML) of an element." Ordinarily, this property is used to examine the current HTML source of the page, including any changes that have been made since the page was initially loaded. But, it can also be used for Cross-site Scripting(XSS).

Bharat Dwarkani shared on Jan 26, 2020
image
dev.to
bookmarks
share
visibility7
visibility7 share bookmarks

A JavaScript Polyglot is a Cross Site Scripting (XSS) vector that is executable within various injection contexts in its raw form, or a piece of code that can be executed in multiple contexts in the application. So, a JavaScript polyglot can be multiple things at once, like a JavaScript/JPEG

Bharat Dwarkani shared on Jan 26, 2020
image
dev.to
bookmarks
share
visibility5
visibility5 share bookmarks

In the coding world Hashing and Encryption are two processes that are often used interchangeably when talking about security of information. However, though they might be used interchangeably they are two different processes that are used in difference places and it is important to note their differences to understand where to use them.

Bharat Dwarkani shared on Jan 26, 2020
image
dev.to
bookmarks
share
visibility7
visibility7 share bookmarks

This post is part of the series 'Vulnerabilities'. Be sure to check out the rest of the blog posts of the series! Impersonation and security SQL injections How to prevent CSRF attacks ASP MVC and XSRF Cross-site scripting (XSS) ASP MVC: Mass Assignment Regex - Deny of Service (ReDoS) (this post) Deserialization can be dangerous Prevent Zip bombs in .NET

Bharat Dwarkani shared on Jan 22, 2020
image
meziantou.net
bookmarks
share
visibility17
visibility17 share bookmarks

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics.

Bharat Dwarkani shared on Jan 19, 2020
image
cheatsheetseries.owasp.org
bookmarks
share
visibility11
visibility11 share bookmarks
add