Category article

How We Found Log4shell on Agorapulse

Log4j is a logging framework for Java applications. It is a popular choice for developers looking for a simple and flexible logging solution. However, in the past Log4j has been...

Attacking Rate Limit Protection in Modern Web Apps

What is rate limiting? Rate limiting is a control that caps the number of requests a server or network device will accept from a given client within a time window. It is used to throttle traffic and to blunt brute-force and abuse. Suppose a web server allows up...
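
The excerpt above only defines rate limiting, so here is an added example (not code from the Snapsec post) of a sliding-window limiter in Python, together with the one design choice that decides whether the protection holds: what the counter is keyed on. The request shape, the `X-Forwarded-For` keying and the burst of 20 login attempts are constructed for the demo; keying on a client-supplied header is a generally known weakness and is not a finding from the page.

```python
import time
from collections import defaultdict, deque
from typing import Optional


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._hits = defaultdict(deque)  # key -> timestamps of recent requests

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = self.clock() if now is None else now
        q = self._hits[key]
        # discard timestamps that have aged out of the window
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Two ways of choosing the key. The first uses something the server itself
# knows (the account being targeted); the second trusts a header the client
# can set to a fresh value on every request, so the attacker gets a fresh
# bucket every time.

def key_by_account(req: dict) -> str:
    return "acct:" + req["account"]


def key_by_forwarded_header(req: dict) -> str:
    # Assumed weak configuration: the proxy header is trusted as the client IP.
    return "ip:" + req["headers"].get("X-Forwarded-For", req["remote_addr"])


def build_burst(n: int) -> list:
    """Constructed sample: one account attacked n times, one request per
    second, each carrying a different spoofed X-Forwarded-For value."""
    return [
        {
            "account": "victim@example.com",
            "remote_addr": "198.51.100.7",
            "headers": {"X-Forwarded-For": "10.0.0.%d" % i},
        }
        for i in range(n)
    ]


def simulate(key_fn, requests: list, limit: int = 5, window: float = 60.0) -> int:
    """Return how many of `requests` the limiter lets through when keyed by key_fn.
    Request i is treated as arriving at t = i seconds."""
    limiter = SlidingWindowLimiter(limit, window)
    allowed = 0
    for i, req in enumerate(requests):
        if limiter.allow(key_fn(req), now=float(i)):
            allowed += 1
    return allowed
```

With a limit of 5 per 60 seconds, `simulate(key_by_account, build_burst(20))` admits 5 attempts, while `simulate(key_by_forwarded_header, build_burst(20))` admits all 20, because every spoofed header value lands in its own bucket.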

Attacking 2FA in Modern Web Apps

You might be familiar with the annoying OTPs or other authentication tokens delivered right after you log into your favorite site. This article will help you to understand the purpose...

Attacking CORS Misconfigurations in Modern Web Apps

If you are a developer, you already know that it’s nearly impossible to keep every resource in one place. It’s expensive (because everything has to be managed by one party)...
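
As an added example to go with the excerpt above (not code from the Snapsec post), the three server-side CORS policies below show the misconfiguration the article title refers to beside a hardened version. The allowlist, the origin values and the `grants_credentialed_access` helper are constructed for the demo; the point that reflecting any `Origin` with `Access-Control-Allow-Credentials: true` lets a foreign site read authenticated responses is general CORS behaviour, not a finding from the page.

```python
from urllib.parse import urlsplit

# Assumed allowlist of first-party origins (scheme + host, no path).
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_headers_vulnerable(request_origin):
    """Reflect whatever Origin the browser sent and allow credentials.
    Any site, including a sandboxed 'null' origin, can then make
    cookie-authenticated requests and read the responses."""
    if request_origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_prefix_check(request_origin):
    """A common broken 'fix': a prefix match on the origin string.
    'https://app.example.com.evil.net' passes this check."""
    if request_origin and request_origin.startswith("https://app.example.com"):
        return {
            "Access-Control-Allow-Origin": request_origin,
            "Access-Control-Allow-Credentials": "true",
        }
    return {}


def cors_headers_hardened(request_origin):
    """Exact match of scheme://host against the allowlist. Anything with a
    path, query or fragment, the literal 'null', and unknown hosts get no
    CORS headers at all (the browser then blocks the cross-origin read)."""
    if not request_origin:
        return {}
    parts = urlsplit(request_origin)
    if parts.path or parts.query or parts.fragment or not parts.netloc:
        return {}
    normalized = "%s://%s" % (parts.scheme, parts.netloc)
    if normalized != request_origin or normalized not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": normalized,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # keep caches from serving one origin's answer to another
    }


def grants_credentialed_access(policy, origin):
    """True if `policy` would let a page at `origin` read responses with cookies."""
    if origin is None:
        return False
    h = policy(origin)
    return (
        h.get("Access-Control-Allow-Origin") == origin
        and h.get("Access-Control-Allow-Credentials") == "true"
    )
```

Run each policy against `https://app.example.com`, `https://evil.example.net`, `https://app.example.com.evil.net` and the literal `null`: only the hardened policy grants access to the first origin alone.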

A Hacker Mindset

Whenever the word hacker strikes your ears, your mind conjures up a picture of a hoodie-wearing computer genius with multiple screens in front of him lit with...

Abusing the Business Logic of an Application to Create a Backdoor in a Form App

Working with a target that has various access roles and functionalities always gives us goosebumps. This time it was a design flaw in the application logic that we repurposed to create...

Attacking Access Control Models in Modern Web Apps

So far you may have come across various web applications where you were able to invite members with limited access to the information within the organization. Developers are able to...

Category broken-access-control

Attacking Business Logic issues in Modern Web Apps

The complexity of modern applications has increased exponentially in the past decade. Unfortunately, this has also increased the attack surface and hence the total number of vulnerabilities that...

Category general

10 Reasons Your Organisation Needs Penetration Testing

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The...

Attacking File Uploads in Modern Web Applications

File sharing or a simple file upload feature is widely used in web apps nowadays. Any misconfiguration in this one feature can put the entire application or...

Spring4Shell: Everything you need to know.

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run...

Top 5 Cyber Attacks Of 2021

Due to the growth of technologies around the world and their effects on our privacy, data security has also become an issue. In terms of data breaches, websites or applications...

Continuous Security Testing - Snapsec

According to security researchers, every code update pushed to your production server or application may bring new vulnerabilities into play, because every time code on the server changes, it affects...

How Data Breaches Affect Your Business and Brand Value

A data breach is a revenue-killing monster that no business wants to deal with. The cost of that nightmare starts right away and doesn’t stop until the last piece of...

Category attacking-modern-webapps

Attacking Authentication in Modern Web Applications

Authentication issues are easy to understand; however, they can sometimes prove the most critical ones, because authentication is the core of security in any application. In...

Category imran

Security Simplified - Open Redirect [Server Side]

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that...
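
To make the "unsafe way" in the excerpt above concrete, here is an added Python example (not code from the Snapsec post) that puts the check many apps start with next to a stricter validator for a `next`-style redirect parameter. The target strings and the `/dashboard` fallback are constructed for the demo; the protocol-relative (`//host`) and backslash (`/\host`) forms are general browser URL-parsing behaviour, not findings from the page.

```python
from urllib.parse import urlsplit


def is_safe_redirect_naive(target: str) -> bool:
    """The check many applications start with: 'it begins with a slash,
    so it must be a local path'. Browsers read '//evil.example.net' as a
    protocol-relative absolute URL and treat '/\\evil.example.net' the
    same way, so both slip through."""
    return target.startswith("/")


def is_safe_redirect(target: str) -> bool:
    """Accept only a same-site path: exactly one leading '/', no scheme,
    no host, no backslashes, no whitespace or control characters."""
    if not target or not target.startswith("/") or target.startswith("//"):
        return False
    if "\\" in target:
        return False
    if any(c.isspace() or ord(c) < 0x20 for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    return True


def resolve_redirect(target: str, default: str = "/dashboard") -> str:
    """Where the application would call redirect(): fall back to a fixed
    in-app page instead of honouring an unsafe target."""
    return target if is_safe_redirect(target) else default
```

`resolve_redirect("//evil.example.net/login")` returns `/dashboard`, while `resolve_redirect("/account/settings?tab=security")` returns the path unchanged.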

Category Security-Simplified

Security Simplified - Learn How To Find, Exploit and Mitigate Web Vulnerabilities.

Over our seven years of technical experience in the application security industry, we have often noticed that the majority of people in this space know how to exploit...

Category XSS

Security Simplified - Reflected XSS

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. Reflected XSS arises when...
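
As an added example for the excerpt above (not code from the Snapsec post), the snippet below renders a search term back into a page the way a reflected XSS bug does, then shows the fix and the edge case the fix has to get right: escaping that is adequate for an HTML text node is not adequate inside an attribute value. The templates, payloads and the `attribute_intact` helper are constructed for the demo.

```python
from html import escape


def render_search_vulnerable(term: str) -> str:
    """Reflects the query string parameter straight into the HTML body."""
    return "<p>Results for: %s</p>" % term


def render_search_escaped(term: str) -> str:
    """Body context: escaping <, >, & is enough to stop new tags."""
    return "<p>Results for: %s</p>" % escape(term)


def render_attr_body_escaping_only(term: str) -> str:
    """Attribute context with quote=False: <, > and & are encoded but the
    double quote is not, so the value can close the attribute and add
    an event handler such as onfocus."""
    return '<input name="q" value="%s">' % escape(term, quote=False)


def render_attr_hardened(term: str) -> str:
    """Attribute context with quote=True: the quote becomes &quot; and the
    injected text stays inside the value."""
    return '<input name="q" value="%s">' % escape(term, quote=True)


def attribute_intact(html: str) -> bool:
    """A correctly rendered <input name="q" value="..."> has exactly four raw
    double quotes; any extra raw quote means the value broke out."""
    return html.count('"') == 4
```

With the body payload `<script>alert(1)</script>`, only `render_search_vulnerable` emits a real `<script>` tag. With the attribute payload `" onfocus="alert(1)" autofocus="`, `render_attr_body_escaping_only` produces an input with a live `onfocus` handler while `render_attr_hardened` keeps it as inert text.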

Category tutorial

Security Simplified - SQL Injection

What is SQL Injection? SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows...

Category uber

Uber Breach - Few Security Takeaways

On 15 September, Uber acknowledged that it was responding to a "cybersecurity incident" and had contacted law enforcement about the hack. An individual claiming to be an 18-year-old hacker claimed...