Discussing this often-overlooked class of vulnerabilities and possible attack surfaces — If learning cybersecurity through offense is interesting to you, try our AttackDefense Lab Platform, containing 2000+ lab exercises covering various topics. Sign in for free to try our community labs and view the list of topics — no subscription or VPN required! …

How unzipping malicious archives can lead to Path Traversal and Symlink file overwrite attacks — If learning cybersecurity through offense is interesting to you, try our AttackDefense Lab Platform, containing 2000+ lab exercises covering various topics. Sign in for free to try our community labs and view the list of topics — no subscription or VPN required! …

Let’s discuss on OWASP’s new top 10 for 2021. We will cover every vulnerability in the list and I will share some practice labs too! — Introduction Recently OWASP had published a new Top 10 list for common webapp vulnerabilities: This list is quite different from the 2017 list, with a few new additions and some categories got merged into a bigger category to reflect the root cause instead of symptoms. Take Sensitive Data Exposure for instance…

Let’s briefly discuss about ChaosDB, which has been a recent highlight in the cloud world. — Introduction Gone are the days when we used to own servers or even rent them for our needs and then do scaling and other stuff manually. Now it’s all about cloud: AWS, GCP, Azure (and maybe even Oracle). It provides all the features that you might want, in a single place…

Let’s take a look at a few case studies on the different Supply Chain Attacks. — Introduction I’ve have already covered a lot of ground in my previous post dedicated to Supply Chain Attacks, where I’ve discussed about what Supply Chains are, the attack surface, how these attacks happen, and how to prevent these or how to do your best to prevent them, because at the very…

Let’s discuss about Supply Chain Attacks and why it’s a great research area in the recent times. — Introduction I am sure you must have used some sort of software, service, hardware from different vendors. Even the system you are using to view this blog on: be it a mobile application or a desktop has all of these components. You have a bunch of apps from a lot of…

Let’s discuss about the #10 vulnerability OWASP Top 10 2021 list… — Introduction This is another new member to the OWASP Top 10 list and was added from the industry survey, where the professionals tell how important it is, but the data points are still not able to show this. By the way, if you are interested in how OWASP conducts it’s study…

Let’s discuss about the #8 vulnerability OWASP Top 10 2021 list… — Introduction We consume a variety of software and data from different sources and it must be obvious that not all of it gets vetted by us, that would definitely be insane at the very least. …

Let’s discuss about the #9 vulnerability OWASP Top 10 2021 list… — Introduction How many times have you faced some issues or were performing incident response but were not able to track things due to missing logs and no monitoring at all? This is one of the issues that is even in API Security Top 10. It was previously on #10 in the…