Featured: Exploring And Exploiting PHP Wrappers

Web applications are often built from a combination of files; this allows developers to reuse the same code across multiple pages and reduce the impact on server resources. Each PHP…

Featured: Identifying Cross-Site Scripting Within A Web Application

When testing for Cross-Site Scripting vulnerabilities, prior permission should always be obtained; this can be through either penetration testing rules of engagement or a bug bounty program. Multiple bug bounty…

Featured: AWS Penetration Testing – Series Overview

In this series, we’ll explore Amazon’s approach towards users testing the security of their AWS services. We’ll explore popular ways to enumerate and take advantage of various AWS services to…

Featured: Understanding Web Application Firewalls

Web Application Firewalls (WAFs) play a pivotal role in the security of web applications by protecting against a variety of cyber threats. As businesses and organizations increasingly rely on web…

Featured: Introduction to Cross-Site Scripting

Cross-site scripting (also known as XSS) is a web application vulnerability that occurs when user-provided data is insufficiently sanitized by an application. Since the data is often returned, this allows…

Featured: Introduction To Mass Assignment

Before we jump into mass assignment, let’s first understand how website user roles or privileges work. When a user registers on a website they will typically be given a role,…

Featured: Making use of HTTP security headers

When a browser makes a request for a website it must include a number of headers. These are just small instructions from the browser which the web server will then…

Featured: Active Directory, A Guide To Golden Tickets

Authentication within Active Directory is usually handled by the Kerberos service; when a client requests access to a resource, the domain controller will send back an encrypted TGT (Ticket Granting…

Featured: Introduction To Server-Side Request Forgery

Server-side request forgery, also known as SSRF, is the process of altering requests sent by the web server. Any susceptible request can be manipulated to send information to and from…

Featured: Avoiding common file upload vulnerabilities

The web applications of today are always looking for new ways to make the user experience as personal as possible; one way that this is achieved is by allowing their…