January 31, 2017

PageKit Open Source CMS Penetration Test

Overview: Under SecureLayer7's Gratis Pentest Summer 2016, our consultant Saurabh Banawar performed a 2-day penetration test on the PageKit open source CMS application. […]
January 11, 2017

OWASP Top 10: Cross-Site Scripting #2 DOM-Based XSS Injection and Mitigation

What is the DOM (Document Object Model)? The DOM is a W3C (World Wide Web Consortium) standard. It is a platform-independent interface that allows programs and scripts to […]
January 8, 2017

OWASP Top 10: Penetration Testing with SOAP Service and Mitigation

SOAP Overview: Simple Object Access Protocol (SOAP) is a connection or interface between web services, or between a client and a web service. SOAP operates with […]
January 7, 2017

OWASP TOP 10: Security Misconfiguration #5 – CORS Vulnerability and Patch

What is the meaning of an origin? Two websites are said to have the same origin if they have the following in common: scheme (http, https), host name (google.com, […]
November 22, 2016

OWASP TOP 10 Cross-Site Request Forgery #8 – About CSRF Vulnerability and Fix

Overview: OWASP TOP 10 Cross-Site Request Forgery #8 is a vulnerability that is very commonly found in many web applications these days, and it is also […]
October 27, 2016

Understanding Account Creation and Privilege Escalation Vulnerability in Joomla

On Tuesday Joomla announced a security release for the critical vulnerabilities that allow an attacker to create an account (CVE-2016-8870) and escalate privileges (CVE-2016-8869) due to inadequate checks […]
October 20, 2016

Password Reset OTP Bypass Critical Vulnerability in YesBank Banking Application

I am a customer of YesBank and I hold my savings account with them. I also use YesBank's online banking application, and I strongly feel that […]
October 1, 2016

Learn About Race Conditions Vulnerability

To learn about the Race Conditions Vulnerability, let us start with an example: imagine yourself on a bus where all the seats are occupied and several […]
September 10, 2016

Everything about the CSV Excel Macro Injection

CSV Excel Macro Injection, also known as Formula Injection or CSV Injection, is an attack technique that we use in day-to-day penetration testing […]