Discover the techniques and methodologies for identifying and exploiting Cross Site Request Forgery (CSRF) vulnerabilities during penetration testing. This guide covers the latest attack methods and tools for CSRF testing, as well as defense strategies to prevent these types of attacks. Whether you’re a professional pentester or a security enthusiast…

Learn the basics of Remote Code Execution (RCE) as a beginner pentester. Discover what RCE is, how to detect and exploit it, and best practices for prevention. Hands-on examples and step-by-step demonstrations included. Introduction If you are a cybersecurity enthusiast, a beginner pentester or a software developer. You probably need to…

Learn about Server-Side Request Forgery (SSRF) and how to protect your web applications. Our beginner-friendly guide covers the basics of SSRF, including what it is, how it works, and the types of vulnerabilities that can lead to SSRF attacks. Get tips and best practices for identifying SSRF vulnerabilities and mitigating…

What is Subdomain Takeover? (A friendly introduction) a subdomain takeover is a bit like a squatter moving into a house that is not being used. The company, in this case, is like the owner of the house and the subdomain is a specific room in the house (like “app.example.com” is a specific room in the house…

This blog post discusses NoSQL injection, a type of web vulnerability where user-supplied data is passed to a NoSQL database without proper validation. It covers common attack vectors, prevention and mitigation methods, and best practices for securing NoSQL databases. The goal is to increase awareness and understanding of this threat…

If you ever wanted to get a secure session without exposing critical information or wanted to make it easier for you and your team to authenticate users, then JWT could be one of your possible options. What is a JWT? A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to…

Broken Access Control API vulnerability — Background story: Well, there was me and my club (cyber-security club btw) and every semester we try to see what time is the best time for everyone (so more members can attend the club). Anyways, we had to use this app called “When2Meet” which looks like a very outdated app (spoiler: it…