XML External Entity Attacks

XML External Entity (XXE) is an attack in which an application processes user-provided data without disabling references to external resources. This is due to a weakly configured XML parser for the document type declaration (DTD). The XML parser in the application supports external references by default even though…

Information Gathering through MS-Office Macros

Hi Readers, in this post we discuss how Microsoft Office Word macros can be used to gather information about a remote system. A macro is a series of commands or instructions grouped together as a single command to accomplish a task automatically. These are seen in…

Penetration Testing RESTful Web Services

Today we are discussing RESTful web services penetration testing. Web services are the technologies used for data transmission between client and server in real time. According to the W3C web services glossary, a web service is a software system designed to support interoperable machine-to-machine interaction over…

ClickJacking Attacks & Mitigation Methods

ClickJacking is an attack that is less known by many new security aspirants in web application security. The attack involves the overlaying of elements, along with some social engineering skills, to exploit. This vulnerability arises because of the improper configuration of the X-Frame-Options header,…