Category methodology

Understanding Pentesting: Why It's Essential for Securing Your Business

What is Penetration Testing: A “pen-test,” also referred to as a penetration test, simulates a cyber-attack on a computer system, network, or web application in order to assess the security...

When to Conduct a Penetration Test: Timing is Key

Organizations use penetration testing, also known as “pen testing” or “ethical hacking” as a crucial security measure to find and fix security vulnerabilities in their networks and systems.

Understanding Penetration Testing: Types, Methodology, and Best Practices

Introduction: Penetration testing, also referred to as “pentesting,” is a technique for assessing the security of a computer network, web application, or other system by simulating an attack by a...

Understanding the Process: A Guide to Penetration Testing Phases

Penetration testing, also referred to as “pen testing” or “ethical hacking,” is a technique for assessing a computer system’s, network’s, or web application’s security by simulating an attack from a...

SNAPSEC - Our Methodology

As a cybersecurity and penetration testing company, it is important for us to have a clear and thorough methodology in place to ensure the effectiveness and reliability of our services....

Category VAPT

Importance of Regular Security Assessments

Protecting sensitive data and systems has become a top priority for organisations of all sizes in today’s interconnected world. It is crucial to routinely evaluate the security of your systems...

Understanding Pentesting: Why It's Essential for Securing Your Business

What is Penetration Testing: A “pen-test,” also referred to as a penetration test, simulates a cyber-attack on a computer system, network, or web application in order to assess the security...

When to Conduct a Penetration Test: Timing is Key

Organizations use penetration testing, also known as “pen testing” or “ethical hacking” as a crucial security measure to find and fix security vulnerabilities in their networks and systems.

Understanding Penetration Testing: Types, Methodology, and Best Practices

Introduction: Penetration testing, also referred to as “pentesting,” is a technique for assessing the security of a computer network, web application, or other system by simulating an attack by a...

Understanding the Process: A Guide to Penetration Testing Phases

Penetration testing, also referred to as “pen testing” or “ethical hacking,” is a technique for assessing a computer system’s, network’s, or web application’s security by simulating an attack from a...

SNAPSEC - Our Methodology

As a cybersecurity and penetration testing company, it is important for us to have a clear and thorough methodology in place to ensure the effectiveness and reliability of our services....

Category cyberattacks

AI in cyberattack lifecycle

Network defenders and the cybersecurity industry must move their focus from the network’s edges and endpoints to the network’s interior. Inside the network, IT and security data collection is frequently...

AI in Cybersecurity

Not only has the number of cyberattacks increased significantly over the last few decades, but they have also become more sophisticated. As a result, developing a cyber-resilient strategy is critical....

Why Are Small Businesses Interesting Targets For Cybercriminals

You might think large businesses are more threatened by data breaches and cyber attacks than small businesses. They are, but that’s not the case every time.

Category businesses

Why Are Small Businesses Interesting Targets For Cybercriminals

You might think large businesses are more threatened by data breaches and cyber attacks than small businesses. They are, but that’s not the case every time.

Category article

Hacking Zendesk - Cache Deception, Privilege Escalation and more

Another expedition to choose a new target to hack at Snapsec stopped at Zendesk. Zendesk aligned with most of the testing principles we consider while choosing a new target...

We Hacked Larksuite For 1 month and Here is what we found

Almost a year back, in March 2020, we were shuffling through our stock of private invites to land on a program worthy of our time and excitement. After a while, we stumbled upon a...

How We Found Log4shell on Agorapulse

Log4j is a logging framework for Java applications. It is a popular choice for developers looking for a simple and flexible logging solution. However, in the past Log4j has been...

Attacking Rate Limit Protection in Modern Web Apps

What is rate limiting? Well, rate limiting is the process of limiting the number of requests a networking device accepts. It is used to control network traffic. Suppose a web server allows up...

Attacking 2FA in Modern Web Apps

You might be familiar with the annoying OTPs or other authentication tokens delivered right after you log into your favorite site. This article will help you to understand the purpose...

Attacking CORS Misconfigurations in Modern Web Apps

If you are a developer, you already know that it’s nearly impossible to keep every resource in one place. It’s expensive (because everything has to be managed by one party)...

A Hacker Mindset

Whenever the word hacker strikes your ears your mind will always conjure up a picture of a hoodie wearing computer genius with multiple screens in front of him lit with...

Abusing the Business Logic of an Application to Create a Backdoor in a Form App

Working with a target that has various access roles and functionalities always gives us goosebumps. This time it was a design flaw in the application logic that we used to create...

Attacking Access Control Models in Modern Web Apps

So far you may have come across various web applications where you were able to invite members with limited access to the information within the organization. Developers are able to...

Category broken-access-control

Hacking Zendesk - Cache Deception, Privilege Escalation and more

Another expedition to choose a new target to hack at Snapsec stopped at Zendesk. Zendesk aligned with most of the testing principles we consider while choosing a new target...

We Hacked Larksuite For 1 month and Here is what we found

Almost a year back, in March 2020, we were shuffling through our stock of private invites to land on a program worthy of our time and excitement. After a while, we stumbled upon a...

Attacking Business Logic Issues in Modern Web Apps

The complexity of modern applications has increased exponentially in the past decade. Unfortunately, this has also increased the attack surface and hence the total number of vulnerabilities that...

Abusing the Business Logic of an Application to Create a Backdoor in a Form App

Working with a target that has various access roles and functionalities always gives us goosebumps. This time it was a design flaw in the application logic that we used to create...

Attacking Access Control Models in Modern Web Apps

So far you may have come across various web applications where you were able to invite members with limited access to the information within the organization. Developers are able to...

Category general

10 Reasons Your Organisation Needs a Penetration Test

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The...

Attacking File Uploads in Modern Web Applications

File sharing or simple file upload functionality is a widely used feature in web apps nowadays. Any misconfiguration in this one feature can put the entire application or...

Spring4Shell: Everything you need to know.

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run...

Top 5 Cyber Attacks Of 2021

Due to the growth of technologies around the world and their effects on our privacy, data security has also become an issue. In terms of data breaches, websites or applications...

Continuous Security Testing - Snapsec

According to security researchers, every code update/push to your production server or application may bring new vulnerabilities into action, because every time the code on the server changes, it affects...

How Data Breaches Affect Your Business and Brand Value

A data breach is a revenue-killing monster that no business wants to deal with. The cost of that nightmare starts right away and doesn’t stop until the last piece of...

Category writeup

Attacking Business Logic Issues in Modern Web Apps

The complexity of modern applications has increased exponentially in the past decade. Unfortunately, this has also increased the attack surface and hence the total number of vulnerabilities that...

Category mindset

A Hacker Mindset

Whenever the word hacker strikes your ears your mind will always conjure up a picture of a hoodie wearing computer genius with multiple screens in front of him lit with...

Category cors

Attacking CORS Misconfigurations in Modern Web Apps

If you are a developer, you already know that it’s nearly impossible to keep every resource in one place. It’s expensive (because everything has to be managed by one party)...

Category 2FA

Attacking 2FA in Modern Web Apps

You might be familiar with the annoying OTPs or other authentication tokens delivered right after you log into your favorite site. This article will help you to understand the purpose...

Category Attacking-Modern-Web-Apps

Attacking Rate Limit Protection in Modern Web Apps

What is rate limiting? Well, rate limiting is the process of limiting the number of requests a networking device accepts. It is used to control network traffic. Suppose a web server allows up...

Category blog-post

Attacking File Uploads in Modern Web Applications

File sharing or simple file upload functionality is a widely used feature in web apps nowadays. Any misconfiguration in this one feature can put the entire application or...

Top 5 Cyber Attacks Of 2021

Due to the growth of technologies around the world and their effects on our privacy, data security has also become an issue. In terms of data breaches, websites or applications...

Continuous Security Testing - Snapsec

According to security researchers, every code update/push to your production server or application may bring new vulnerabilities into action, because every time the code on the server changes, it affects...

Category Continuous-security

Continuous Security Testing - Snapsec

According to security researchers, every code update/push to your production server or application may bring new vulnerabilities into action, because every time the code on the server changes, it affects...

Category data-breaches

GoDaddy: Hackers stole customer information, installed malware in multi-year breach

Web hosting provider GoDaddy recently disclosed a multi-year (possibly since 2020) security breach, which enabled attackers to install malware and steal source code related to some of its services. The company...

Top 5 Cyber Attacks Of 2021

Due to the growth of technologies around the world and their effects on our privacy, data security has also become an issue. In terms of data breaches, websites or applications...

Category spring4shell

Spring4Shell: Everything you need to know.

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run...

Category attacking-modern-webapps

Attacking Authentication in Modern Web Applications

Authentication issues are easy to understand; however, they can sometimes prove to be the most critical ones, because authentication is the core of security in any application. In...

Category authentication

Attacking Authentication in Modern Web Applications

Authentication issues are easy to understand; however, they can sometimes prove to be the most critical ones, because authentication is the core of security in any application. In...

Category imran

Security Simplified - Open Redirect [Server Side]

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that...

Attacking File Uploads in Modern Web Applications

File sharing or simple file upload functionality is a widely used feature in web apps nowadays. Any misconfiguration in this one feature can put the entire application or...

Category pentesting

10 Reasons Your Organisation Needs a Penetration Test

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The...

Category blog

10 Reasons Your Organisation Needs a Penetration Test

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The...

Category Security-Simplified

Security Simplified - Learn How To Find, Exploit and Mitigate Web Vulnerabilities.

During our 7 years of technical experience in the application security industry, we have often noticed that the majority of people who are in this space know how to exploit...

Category web-sec

Security Simplified - Learn How To Find, Exploit and Mitigate Web Vulnerabilities.

During our 7 years of technical experience in the application security industry, we have often noticed that the majority of people who are in this space know how to exploit...

Category dev

Security Simplified - Learn How To Find, Exploit and Mitigate Web Vulnerabilities.

During our 7 years of technical experience in the application security industry, we have often noticed that the majority of people who are in this space know how to exploit...

Category XSS

Finding Multiple Security Issues on Agorapulse

Agorapulse provides everything an organization could possibly need for social media marketing, monitoring, and management. Agorapulse is a full-featured social media management platform. Some of its features include a variety...

Security Simplified - Reflected XSS

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. Reflected XSS arises when...

Category security-simplified

Security Simplified - Reflected XSS

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. Reflected XSS arises when...

Category tutorial

Security Simplified - Open Redirect [Server Side]

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that...

Security Simplified - SQL Injection

What is SQL Injection? SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows...

Category security-explained

Security Simplified - SQL Injection

What is SQL Injection? SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows...

Category log4shell

How We Found Log4shell on Agorapulse

Log4j is a logging framework for Java applications. It is a popular choice for developers looking for a simple and flexible logging solution. However, in the past Log4j has been...

Category uber

Lastpass Breach - Everything you need to know

LastPass, one of the largest online password managers with over 25 million users as of 2020, recently suffered a massive data breach. The data included user information and vault data....

Uber Breach - Few Security Takeaways

On 15 September, Uber acknowledged that it was responding to a “cybersecurity incident” and had contacted law enforcement about the hack. An individual claiming to be an 18-year-old hacker claimed...

Category Privilege-escalation

Finding Multiple Security Issues on Agorapulse

Agorapulse provides everything an organization could possibly need for social media marketing, monitoring, and management. Agorapulse is a full-featured social media management platform. Some of its features include a variety...

Category Log4Shell

Finding Multiple Security Issues on Agorapulse

Agorapulse provides everything an organization could possibly need for social media marketing, monitoring, and management. Agorapulse is a full-featured social media management platform. Some of its features include a variety...

Category AI

AI in cyberattack lifecycle

Network defenders and the cybersecurity industry must move their focus from the network’s edges and endpoints to the network’s interior. Inside the network, IT and security data collection is frequently...

AI in Cybersecurity

Not only has the number of cyberattacks increased significantly over the last few decades, but they have also become more sophisticated. As a result, developing a cyber-resilient strategy is critical....

Category cybersecurity

CSRF Attacks - How to Find, Exploit and fix them

Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It...

The Future of Tech in Saudi Arabia: Maximizing Opportunities, Minimizing Risks

The rapid growth of technology in Saudi Arabia is a double-edged sword. On one hand, it has the potential to bring new opportunities and improvements to various aspects of life,...

Local File Inclusion - Explained

LFI stands for Local File Inclusion. An LFI vulnerability in a web app can trick the application into loading arbitrary files from the server that should be restricted. LFI can lead to critical information...

GoDaddy: Hackers stole customer information, installed malware in multi-year breach

Web hosting provider GoDaddy recently disclosed a multi-year (possibly since 2020) security breach, which enabled attackers to install malware and steal source code related to some of its services. The company...

Category Pentest

Importance of Regular Security Assessments

Protecting sensitive data and systems has become a top priority for organisations of all sizes in today’s interconnected world. It is crucial to routinely evaluate the security of your systems...

Category vulnerability-management

From Detection to Resolution: Streamlining the Vulnerability Management Lifecycle

Vulnerabilities are inevitable in today’s digital landscape, making effective vulnerability management a critical aspect of maintaining a secure environment. From the moment a vulnerability is detected to its successful resolution,...

5 key features of our Vulnerability management system

The Importance of Effective Vulnerability Management

Category csm

5 key features of our Vulnerability management system

The Importance of Effective Vulnerability Management

Category CSM

From Detection to Resolution: Streamlining the Vulnerability Management Lifecycle

Vulnerabilities are inevitable in today’s digital landscape, making effective vulnerability management a critical aspect of maintaining a secure environment. From the moment a vulnerability is detected to its successful resolution,...

Category saudi-arabia

The Future of Tech in Saudi Arabia: Maximizing Opportunities, Minimizing Risks

The rapid growth of technology in Saudi Arabia is a double-edged sword. On one hand, it has the potential to bring new opportunities and improvements to various aspects of life,...

Category csrf

CSRF Attacks - How to Find, Exploit and fix them

Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It...

Category web-attacks

CSRF Attacks - How to Find, Exploit and fix them

Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It...