OWASP

June 17, 2020

API Security Assessment OWASP 2019 Test Cases

An Application Programming Interface (API) is a component that enables communication between two different applications. They can be applications developed on different platforms and it uses […]
April 17, 2019

OWASP Top 10 – What are Different Types of XSS?

Cross Site Scripting (XSS) is the most popular web application vulnerability. It is a code injection attack that allows attackers to execute malicious JavaScript code in […]
March 9, 2019

API Penetration Testing with OWASP 2017 Test Cases

Brief about API Penetration Testing: API Penetration Testing is one of the favourite attack surfaces, which the attacker can use to gain further access to […]
January 9, 2018

Tabnabbing – An art of phishing

This blog is about a technique used by attackers to perform a phishing attack using Tabnabbing. Although this technique was invented a long […]
January 6, 2018

Web Services and API Penetration Testing Part #1

Hi Readers, today we will learn about another interesting part of web services and API penetration testing; this revolves around security assessments of web services. […]
September 20, 2017

OWASP TOP 10: #4 | Insecure Direct Object Reference Vulnerability

tl;dr: I’m a pentester and recently I got my first pentest project, and I’ve successfully executed it with my senior colleague. As the application was developed to perform […]
September 3, 2017

Automating Web Apps Input fuzzing via Burp Macros

Hi Readers, this article is about Burp Suite Macros, which help us automate the effort of manual input payload fuzzing. While it may be known to […]
August 28, 2017

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

This blog covers the Cross-Site Scripting (XSS) vulnerability from a different perspective. Generally, XSS is when the application takes user-supplied JavaScript and displays it without escaping/encoding. […]
May 4, 2017

OWASP TOP 10: Insufficient Attack Protection #7 – CAPTCHA Bypass

What is CAPTCHA? CAPTCHA is an acronym for “Computer Automated Public Turing test to tell Computers and Humans apart”. It is used to determine whether or […]