Oladimeji Alabi Taofeek · dimcoder.hashnode.dev · Nov 19, 2024
Understanding Cookies: What They Are, How They Work, and Why They Matter for Your Privacy
Understanding Cookies on Websites: Why They're Important. You’ve likely seen the message asking you to accept cookies when visiting various websites. But how many of us truly understand what cookies are and why we are asked to accept them? Or do you ...
44 reads · #Cookies #internetprivacy

Joel O. · joelodey.hashnode.dev · Nov 17, 2024
Lab: Broken brute-force protection, multiple credentials per request
Lab Scenario: Our objective is to understand and exploit a web application's broken brute-force protection, where the login credentials are submitted in JSON format. By manipulating the request to submit multiple credentials, we aim to bypass the pro...
1 like · PortSwigger Authentication Labs · websecurity

Rosecurify · log.rosecurify.com · Nov 17, 2024
Seclog - #100
"The enemy does not check your risk register prior to attacking." - Sun Tzu, The Art of Cyber War
📚 SecMisc: PoisonTap - Exploiting locked computers through USB peripherals, demonstrating techniques to bypass security measures on locked machines. Re...
seclog · BlueHat2024

Tejas Shinde · tejasgshinde.hashnode.dev · Nov 8, 2024
The HTTP vs HTTPS Dilemma: Securing the Backend-Frontend Communication
In today's web applications, security is of paramount importance. One crucial aspect of this is ensuring secure communication between the backend and frontend components of your system. This is where the distinction between HTTP and HTTPS becomes cru...
http

Joel O. · joelodey.hashnode.dev · Nov 8, 2024
Lab: Exploiting XXE to perform SSRF attacks
Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, ultimately performing SSRF attacks to access sensitive information from a metadata endpoint. By intercepting and manipulating a POST request, we intend to ...
1 like · PortSwigger XML external entity (XXE) injection · xxe

b1d0ws · b1d0ws.hashnode.dev · Nov 7, 2024
AppSec Project - Chapter 3, Enhancing Security
Introduction: In today’s article, we will focus on implementing several enhancements to improve the overall security of our web application. While most of these changes do not address specific vulnerabilities, they play a crucial role in mitigating po...
106 reads · Posts · appsec

Ashlesh singh chouhan for Securing Authentication Beyond Passwords · beyond-password-securing.hashnode.dev · Oct 30, 2024
Understanding Authentication Vulnerabilities
Authentication is a fundamental security concept, directly linked to the security of any system. Vulnerabilities in authentication mechanisms can allow attackers to gain unauthorized access to sensitive data and functionality, exposing additional att...
Real-World Attack

Bisola Adediji · beesola.hashnode.dev · Oct 9, 2024
Getting Started With Portswigger Web Security Academy
PortSwigger's Web Security Academy is a free, interactive online learning platform that teaches web security through hands-on labs, designed by the creators of Burp Suite. Whether you’re a budding ethical hacker, a developer wanting to secure your co...
webhacking

hexbyte · blog.hexbyte.in · Oct 7, 2024
Ethernaut Series - 03 (Coin Flip)
Overview: This level presents us with a coin flipping game. We need to maintain a winning streak of 10 by guessing the outcome of a coin flip. The concept being taught here is the one about randomness. There is no inherent source of randomness in Ether...
Ethernaut · websecurity

hexbyte · blog.hexbyte.in · Oct 5, 2024
Ethernaut Series - 01
The challenge asks us to claim the ownership of the contract and reduce its balance to 0. In this case, we have been provided with the contract itself. // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; contract Fallback { mapping(address =...
Ethernaut · Ethernaut