© 2023 Hashnode
#vulnerability
The Open Web Application Security Project (OWASP) is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks t…
Usage: Someone may ask: until now people have been installing Nessus on a virtual machine or a server and it works fine, so why on a Raspberry Pi? The simple answer is that we can carry this cheap kit any…
In recent years, the increase in cyber attacks has made internet security an essential aspect of our digital lives. One of the most common methods of these attacks is the HTTP PUT vulnerability. HTTP PUT is a method used in the Hypertext Tr…
Below I discuss a vulnerability I found in GitHub's OAuth integration. This affects both GitHub.com and GitHub Enterprise. TL;DR: An attacker that can control the subdomain of a domain used in the Authorization callback URL when configuring …
I’ve been a Java developer long enough to remember the excitement when Sun introduced the concept of serialization in the JVM. In the world of C, we could just write a struct into a file but this was …
BIOS security is a unique part of cybersecurity because, despite the independence of the BIOS program on the hard drive of a system, hackers can still run certain malicious code to attack the BIOS of any computer using ransomware or some ot…
Overview: As a CTF player, I used many tools to scan the network and get the network service version and open ports to exploit the system. So, I use many tools like Nmap, Nikto, and Gobuster, etc. But …
API security concerns have significantly increased with the rapid adoption of APIs in cloud, web, and mobile applications. Research conducted by 451 Research on the state of API security in 2022, note…
Context: I have created and shared a GitHub project to help developers quickly deploy a Vue.js application using Docker, taking advantage of the containerization capabilities offered by the Docker engine. On…
In Ethereum, accounts can be either an Externally Owned Account (EOA) or a Contract Account. A developer may decide to allow only Externally Owned Addresses (EOA) to interact with his contract, then the d…