Category: web application Security

Hello & Welcome Everyone!! Today in this blog we are going to discuss about CSV Injection. Before going to start the discussion we will first understand, what is CSV file, what is CSV injection etc. What is CSV file? CSV is an acronym for “Comma…

XML External Entity (XXE) is an attack where application process user-provided data without disabling the reference to external resource this is due to the weakly configured XML parser for the document type declaration (DTD). XML parser in the application supports external reference by-default even though…

In our last blog on crypto we discussed on a case study related to penetration testing of crypto exchange. Today we are going to discuss on best security practices for securing crypto exchange sites. Web Application Level 1) Implement Two factor authentication at login and…

The newsletter consists of high-level executive summary of most of the important news, articles, data breaches and Microsoft patches details that have been published on information security. Each news item is very briefly summarized and includes a reference on the web for detailed information. We…

IMPINJ is an organization which connects billions of everyday items such as apparel, medical supplies and automobile parts to consumer and business applications such as inventory management, patient safety, and assets tracking. The impinj platform uses RFID to deliver timely information about these items to…

Today we are discussing about RESTful web services penetration testing, web services are the technologies used for data transmission between client and server in real time, according to W3C web services glossary a web service is a software system designed to support interoperable machine-to-machine interaction over…

The ClickJacking is the attack which is less known by the many of new security aspirants in web application security. The attack involves the overlaying of elements with some social engineering skills to exploit. This vulnerability is raised because of the improper configuration X-Frame-Options header,…