OWASP

April 17, 2019

OWASP Top 10 – What are the Different Types of XSS?

Cross-Site Scripting (XSS) is one of the most common web application vulnerabilities. It is a code injection attack that allows attackers to execute malicious JavaScript code in […]
March 9, 2019

API Penetration Testing with OWASP 2017 Test Cases

Brief about API Penetration Testing: APIs are one of an attacker's favourite attack surfaces, which they can use to gain further access to […]
January 9, 2018

Tabnabbing – An art of phishing

This blog is about a technique attackers use to perform phishing attacks: tabnabbing. Although this technique was invented a long time ago, […]
January 6, 2018

Web Services and API Penetration Testing Part #1

Hi Readers, today we will learn about another interesting part of web services and API penetration testing; this part revolves around security assessments of web services. […]
September 20, 2017

OWASP TOP 10: #4 | Insecure Direct Object Reference Vulnerability

tl;dr: I’m a pentester and I recently got my first pentest project, which I successfully executed with my senior colleague. As the application was developed to perform […]
September 3, 2017

Automating Web Apps Input fuzzing via Burp Macros

Hi Readers, this article is about Burp Suite Macros, which help automate the effort of manual input payload fuzzing. While it may be known to […]
August 28, 2017

OWASP Top 10: Cross-Site Scripting #3 – Bad JavaScript Imports

This blog covers the Cross-Site Scripting (XSS) vulnerability from a different perspective. Generally, XSS occurs when the application takes user-supplied JavaScript and displays it without escaping/encoding. […]
May 4, 2017

OWASP TOP 10: Insufficient Attack Protection #7 – CAPTCHA Bypass

What is CAPTCHA? CAPTCHA is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”. It is used to determine whether or […]
February 14, 2017

OWASP Top 10 Details About WebSocket Vulnerabilities and Mitigations

Socket in a Nutshell: A socket is an endpoint of network communication. A socket always has two parts: an IP address and a port. […]