
Shivam Bathla

480 Followers

Published in Pentester Academy Blog

Pinned

IaC (Terraform) for Pentesters

Infrastructure as Code (IaC) is an amazing tool for anyone managing infra. But like any other system, it can be attacked. — If learning cybersecurity through offense is interesting to you, try our AttackDefense Lab Platform, containing 2000+ lab exercises covering various topics. Sign in for free to try our community labs and view the list of topics — no subscription or VPN required! …

Terraform

6 min read



Published in Pentester Academy Blog

Pinned

XSLT Injections for Dummies

Discussing this often-overlooked class of vulnerabilities and possible attack surfaces — If learning cybersecurity through offense is interesting to you, try our AttackDefense Lab Platform, containing 2000+ lab exercises covering various topics. Sign in for free to try our community labs and view the list of topics — no subscription or VPN required! …

Xslt

6 min read



Published in Pentester Academy Blog

Pinned

From Zip Slip to System Takeover

How unzipping malicious archives can lead to Path Traversal and Symlink file overwrite attacks — If learning cybersecurity through offense is interesting to you, try our AttackDefense Lab Platform, containing 2000+ lab exercises covering various topics. Sign in for free to try our community labs and view the list of topics — no subscription or VPN required! …

Remote Code Execution

5 min read
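The summary above names the two Zip Slip primitives (an entry whose name climbs out of the extraction directory, and a symlink entry that redirects a later write) without showing how an extractor should refuse them. The following is an added example, not code from the post: it builds two constructed in-memory archives with Python's standard zipfile module (a benign one and one carrying both primitives), then rejects the archive before extracting anything if any member resolves outside the destination or is a symlink. The archive contents, the destination path and the function names are all illustrative assumptions.

```python
import io
import os
import stat
import tempfile
import zipfile


def build_archive(entries):
    """Build an in-memory zip from (name, data, is_symlink) tuples.
    Every archive here is a constructed sample for the demo, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data, is_link in entries:
            info = zipfile.ZipInfo(name)
            # The high 16 bits of external_attr carry the Unix mode. A symlink
            # entry has S_IFLNK set and its "content" is the link target.
            mode = 0o120777 if is_link else 0o100644
            info.external_attr = mode << 16
            zf.writestr(info, data)
    return buf.getvalue()


BENIGN_ZIP = build_archive([("docs/readme.txt", "harmless", False)])

# Zip Slip: one entry escapes the extraction directory via "../", another is a
# symlink so that a later write through "passwd" would land in /etc/passwd.
MALICIOUS_ZIP = build_archive([
    ("docs/readme.txt", "harmless", False),
    ("../../etc/cron.d/evil", "* * * * * root id\n", False),
    ("passwd", "/etc/passwd", True),
])


def is_symlink_entry(info):
    """True when the entry's stored Unix mode marks it as a symbolic link."""
    return stat.S_ISLNK(info.external_attr >> 16)


def unsafe_members(zip_bytes, dest):
    """Return (name, reason) for every entry that must not be extracted into dest."""
    dest_real = os.path.realpath(dest)
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if is_symlink_entry(info):
                findings.append((name, "symlink entry"))
                continue
            if os.path.isabs(name) or name.startswith(("/", "\\")):
                findings.append((name, "absolute path"))
                continue
            # Resolve where the entry would land and require it to stay under dest.
            target = os.path.realpath(os.path.join(dest_real, name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                findings.append((name, "path traversal"))
    return findings


def safe_extract(zip_bytes, dest):
    """Reject the whole archive if any member is unsafe; otherwise extract it
    and return the sorted member names."""
    findings = unsafe_members(zip_bytes, dest)
    if findings:
        raise ValueError("refusing to extract: %s" % findings)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)
        return sorted(zf.namelist())


def demo():
    """Extract the benign archive into a temp dir, refuse the malicious one,
    and return (extracted names, refusal message or None)."""
    dest = tempfile.mkdtemp()
    extracted = safe_extract(BENIGN_ZIP, dest)
    try:
        safe_extract(MALICIOUS_ZIP, dest)
        refused = None
    except ValueError as exc:
        refused = str(exc)
    return extracted, refused


if __name__ == "__main__":
    print(demo())
```

The check is done on the whole archive before the first write, because rejecting members one by one while extracting still leaves earlier members on disk, and a symlink extracted first is exactly what turns the next ordinary write into an overwrite elsewhere.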



Pinned

OWASP Top 10 2021 (draft) is out!

Let’s discuss OWASP’s new Top 10 for 2021. We will cover every category in the list and I will share some practice labs too! — Introduction Recently OWASP published a new Top 10 list of common web application vulnerabilities. This list is quite different from the 2017 list: it has a few new additions, and some categories were merged into broader ones so that the list reflects root causes rather than symptoms. Take Sensitive Data Exposure for instance…

Owasp Top 10

2 min read



Pinned

ChaosDB: Sandbox Escape to DB Access

Let’s briefly discuss ChaosDB, a recent highlight in the cloud world. — Introduction Gone are the days when we owned servers, or even rented them, and then handled scaling and everything else manually. Now it’s all about the cloud: AWS, GCP, Azure (and maybe even Oracle). It provides all the features you might want, in a single place…

Chaosdb

4 min read



Published in Pentester Academy Blog

Apr 6, 2022

Supply Chain Attacks: Case Studies

Let’s take a look at a few case studies of different Supply Chain Attacks. — Introduction I have already covered a lot of ground in my previous post dedicated to Supply Chain Attacks, where I discussed what supply chains are, the attack surface, how these attacks happen, and how to prevent them, or at least how to do your best to prevent them, because at the very…

Supply Chain

5 min read



Published in Pentester Academy Blog

Mar 23, 2022

Supply Chain Attacks: A Ripe Area For Research

Let’s discuss Supply Chain Attacks and why they are such a rich research area right now. — Introduction I am sure you have used software, services and hardware from many different vendors. Even the system you are reading this blog on, be it a mobile app or a desktop, is built from such components. You have a bunch of apps from a lot of…

Supply Chain

8 min read



Sep 21, 2021

A10:2021-Server-Side Request Forgery

Let’s discuss the #10 entry in the OWASP Top 10 2021 list… — Introduction This is another new member of the OWASP Top 10. It was added on the basis of the industry survey, in which practitioners rate how important an issue is, even though the collected data does not yet show it. By the way, if you are interested in how OWASP conducts its study…

Ssrf

2 min read



Sep 21, 2021

A08:2021-Software and Data Integrity Failures

Let’s discuss the #8 entry in the OWASP Top 10 2021 list… — Introduction We consume a variety of software and data from different sources, and obviously not all of it gets vetted by us; doing so would be impractical at the very least. …

Owasp Top 10

3 min read



Sep 21, 2021

A09:2021-Security Logging and Monitoring Failures

Let’s discuss the #9 entry in the OWASP Top 10 2021 list… — Introduction How many times have you been troubleshooting an issue or performing incident response and been unable to reconstruct what happened because of missing logs and no monitoring at all? This issue also appears in the API Security Top 10. It was previously #10 in the…

Logging

3 min read

