Month: September 2021

Phishing is a form of social engineering where an attacker masquerades as a reliable entity or asset and tries to breach the system by misleading them. Their motivation is to lure the personnel to get hold of sensitive data such as company assets, employee information, financial information, and passwords. Phishing starts with communication that appears […]

Lack of logging and monitoring the threats to the application from time to time causes massive problems. It may lead to compromising the entire system and an untraceable attack. When is it considered Insufficient Logging and Monitoring? Auditable events such as logins failed logins, and logins are not logged Failure of monitoring applications and APIs […]

Usage of third-party software components in the development process may lead to this type of attack. Known components like third-party application frameworks, libraries, technologies that may have exposure to major vulnerabilities.  These kinds of threats are often difficult to exploit and cause serious data breaches. How Can One Be Exposed To These Threats? Not knowing […]

During the development of web applications, some objects need to be transferred. Objects contain a bunch of sensitive information and cannot be transferred directly. It has to be converted into plain text before transferring. This process of converting JSON objects into plain texts is called serialization. The reverse process is called deserialization.  What Is Insecure […]

A cross-site Scripting flaw occurs whenever the attacker makes use of DOM and API to retrieve data or send commands to the application. Cross-site scripting may widen the surface of the attack for the hacker by allowing him to hack user credentials, spread worms, and control browsers remotely. An attacker tricks the web application to […]

Misconfiguration occurs whenever the system fails to meet the security framework standards. It may occur at the application server-side, application stack level, or even at the network side. Non-identification of these flaws may sabotage and compromise the entire system. It is listed as the sixth most serious threat to OWASP’s top 10 vulnerabilities.   Misconfigurations […]

The failure of the system to validate the user even after the user authentication is called Broken Access Control. This allows the user to bypass the basic access controls without proper validation. This leads to admin-level data exposure which in turn may lead to several other complications. It obtained fifth place in OWASP’s top 10 […]

XML External Entity injection is the type of threat that allows an attacker to access an application’s XML data processing files. It takes place on poorly configured XML processors that allow external entity references within XML documents. It may cause subjugation of important assets using the URI handler, internal file shares, internal port scanning, remote […]

Sensitive data is important information or an asset that needs to be protected. It includes personally identifiable information (PII), banking information, login credentials, etc.  Sensitive data exposure is the exposure of private data carelessly thereby leading to a breach in the entire system. The data being obtained is being sold or modified to conduct fraudulent […]

Broken authentication is theft of user credentials, session tokens, keys, etc.. to gain unauthorized privilege. It is a threat inherent in an online platform or an application thereby enabling the hacker to bypass the authentication.  Attackers try broken authentication manually and attack them by using password lists and automated tools. Based on the system targeted, […]

An injection is a broad class of attack vectors where the attacker provides an altered input to a program. When the input gets executed as a part of a command or a query, the result obtained is completely altered. It is listed as the most dangerous threat in OWASP’s top 10 vulnerabilities. This flaw allows […]