Server Side Request Forgery (SSRF)
Introduction Is your server protected against port scanning? The general answer will be “Yes, I have a firewall which restricts access to internal servers from […]
The Meaning XE which stands for XML Entity is a standard for representing sets of data. Meanwhile, Entities are more like shortcuts to standard text […]
Introduction In the last post we saw how the recent bash vulnerability can be remotely exploited in a variety of ways. How do we defend […]
Recently, I found an interesting issue qualifying on Yahoo! Pipes. But before going into the details of this specific issue, let’s understand some basic points. […]
During a routine penetration testing engagement, we found an IIS webserver with HTTP methods (verbs) like PUT and DELETE enabled on it. During enumeration of […]
SQL injection – one of the most critical vulnerabilities till now – is still included in the OWASP Top 10 list’s Injection flaws section. SQLMap […]
Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) Attack: Previously we learnt how CRIME attacks SSL/TLS using SSL/TLS compression. Now we look at […]
Compression Ratio Info-leak Made Easy (CRIME) attack: In the previous section we saw how the chosen-plaintext attack was used to weaken the SSL/TLS protocol. […]
Recently there has been a lot of news about a new SSL/TLS-based attack which was demonstrated at this year’s BlackHat conference. The attack was […]
Web application security has become the biggest concern for almost all organizations that wish to bring their business to the Internet. There are various reasons […]