Featured: Preventing Information Disclosure

By default, websites can reveal information such as development technologies and software versions. On their own these details can be fairly harmless. However, in the right hands, simple information such…


Featured: Protecting against XXE

So before we jump into protecting against XXE, let's take a quick look at what XXE is. XXE, or XML External Entities, is when an application accepts XML input which…


Featured: What Is Remote File Inclusion

Many web pages use include functions to combine the contents of other files into a single page. Unfortunately, if these inclusions are not securely implemented they can be used to…


Featured: Guide to HTTP host header injection

Every time you connect to a website you're sending basic information across in the form of HTTP headers; these headers explain to the web server and other systems what page…


Featured: Active Directory, What Is Kerberoasting

Within an Active Directory environment there are standard users and service users; the latter are more commonly known as service principal names, or SPNs for short. Kerberoasting is a post-exploitation…


Featured: The risks of server side template injection

In the ever-changing world of application development the list of web technologies continues to grow. This in itself is not a bad thing; however, "with new technologies comes new…


Featured: An introduction to secure authentication

Authentication is the process of verifying that a user is who they claim to be; this is usually done with a username and password combination known only to the user themselves…


Featured: Guide to local file inclusion

A number of web applications are constructed by including different files; occasionally these files can be specified from locations the user has access to, such as cookies or a URL…


Featured: What are unvalidated redirects

Many web applications send users to different pages or domains using redirects; this is nothing new. However, like a lot of vulnerabilities, should the redirect functionality not have sufficient checks…


Featured: The dangers of command execution

Command execution is a vulnerability in which an attacker is able to execute arbitrary system commands. This type of attack is particularly dangerous as it exposes the base operating system…
