OWASP Top Ten – Server Side Request Forgery (SSRF)
What is an SSRF? The next entry in our OWASP Top Ten Series covers Server Side Request Forgeries. Server Side Request Forgery (SSRF) is a security vulnerability that occurs when an attacker is able to make HTTP requests to an internal or external system from a vulnerable server, effectively using the server as a proxy. […]
Phishing, Domain Names, and TLDs
As a small or medium-sized business owner, you may be aware of the threat of phishing attacks. Phishing is a common technique used by cybercriminals to trick people into giving away sensitive information such as usernames, passwords, or credit card numbers. One way to protect your business against these attacks is to buy common domain […]
OWASP Top Ten – Identification and Authentication Failures
Identification and Authentication Failures Today we will cover Identification and Authentication Failures in our series on the OWASP Top Ten. Online security has become a crucial aspect of modern life. Today, every business is a tech business, and it becomes increasingly important to ensure that sensitive data and information are protected from unauthorized access. One […]
What are Weak Hashing Algorithms
“SSL Certificate signed using weak hashing algorithm” refers to a security vulnerability in the SSL/TLS certificate used by a website. A hashing algorithm is used to create a unique digital signature for the certificate, which is then used to encrypt communications between the website and its visitors. If a weak hashing algorithm is used, the […]
Attack Surface Management
Introduction External attack surface management (ASM) refers to the process of identifying, analyzing, and mitigating security risks and vulnerabilities that originate from outside an organization’s network. The focus of external ASM is to protect against threats such as hackers, cybercriminals, and malicious software that can target public-facing systems and applications. These threats can pose a […]
OWASP Top Ten – Injection
OWASP Top Ten – Injection Today’s entry in the OWASP Top Ten series is Injection. If we are going to call a vulnerability a classic, this would be it. In the latest version of the OWASP Top Ten, the venerable vulnerability Cross Site Scripting has been combined with other classic injections, such as SQL injection, […]
TutorTrac Multiple Stored XSS
TutorTrac Multiple Stored XSS Brackish researchers found authenticated stored cross-site-scripting (XSS) in TutorTrac version <= 4.2.170210. An authenticated attacker could utilize crafted input in several locations throughout the application to perform XSS attacks. This is a standard stored XSS attack that can be used to steal user’s sessions cookies, amongst other things. Injection is a […]
OWASP Top Ten – Insufficient Logging & Monitoring
Insufficient Logging & Monitoring This week’s entry in the OWASP Top Ten series is Insufficient Logging & Monitoring. This is one of those things that organizations often don’t realize they are missing until it is too late. People sometimes overlook this one because it’s not an attack or a threat in the common usage of […]
OWASP Top Ten – Vulnerable and Outdated Components
Vulnerable and Outdated Components This is the first post in a series of posts that will cover the OWASP Top Ten. Today’s post will cover Vulnerable and Outdated Components. This is a very common vulnerability found in nearly every penetration test. It basically boils down to using software that has not been updated and/or software […]
