Latest articles

Stay up-to-date with the most recent insights and developments in the world of application security. Our latest articles cover cutting-edge techniques, emerging threats, and innovative solutions to help you fortify your applications.

X-frames options header cannot be recognized

Cyber Security Lead Engineer

Revealing phpinfo()

Cyber Security Lead Engineer

ThinkCMF-LFI vulnerability

ThinkCMF-LFI vulnerability

Cyber Security Engineer

Captcha image detected

Captcha image detected

Cyber Security Lead Engineer

Apache Tomcat Remote Code Execution (RCE)

Apache Tomcat Remote Code Execution (RCE)

Cyber Security Engineer

Uncommon query string parameter

Uncommon query string parameter

Co-founder, Director

Unsecured HTTPS cookies

Unsecured HTTPS cookies

Co-founder, Director

Apache Struts 2 S2 –008 RCE1

Apache Struts 2 S2 –008 RCE1

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

How to integrate DAST into your GitLab CI/CD pipeline?

How to integrate DAST into your GitLab CI/CD pipeline?

Product Marketing Specialist

X-XSS-protection header disabled

X-XSS-protection header disabled

Co-founder, Director

Browser exploit against SSL/TLS (BEAST attack)

Browser exploit against SSL/TLS (BEAST attack)

Cyber Security Engineer

Invalid certificate chain encountered during redirection

Invalid certificate chain encountered during redirection

Cyber Security Engineer

X-Frame options header not implemented

X-Frame options header not implemented

Co-founder, Director

Credit card number disclosure

Credit card number disclosure

Cyber Security Lead Engineer

Application error disclosure

Application error disclosure

Cyber Security Lead Engineer

Brute force in IIS

Brute force in IIS

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

What are the most common use cases of AI and ML?

What are the most common use cases of AI and ML?

Product Marketing Specialist

Common gateway interface vulnerability

Common gateway interface vulnerability

Cyber Security Lead Engineer

Bash command injection

Bash command injection

Cyber Security Lead Engineer

Potential web backdoor

Potential web backdoor

Cyber Security Engineer

Directory traversal attacks

Directory traversal attacks

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

XML external entity injection

XML external entity injection

Cyber Security Lead Engineer

SSL compression methods

SSL compression methods

Cyber Security Engineer

User information disclosure

User information disclosure

Cyber Security Engineer

Product Marketing Specialist

Source code disclosure

Source code disclosure

Cyber Security Engineer

OWASP Top 10 for mobile applications 2024

OWASP Top 10 for mobile applications 2024

Product Marketing Specialist

Remote OS Command injection

Remote OS Command injection

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Memcached Injection

Memcached Injection

Cyber Security Engineer

Lack of HTTP Strict Transport Security (HSTS)

Lack of HTTP Strict Transport Security (HSTS)

Cyber Security Engineer

Insecure RIA cross domain policy

Insecure RIA cross domain policy

Cyber Security Lead Engineer

Buffer overflow vulnerability

Buffer overflow vulnerability

Cyber Security Engineer

GraphQl attacks and vulnerabilities

GraphQl attacks and vulnerabilities

Cyber Security Engineer

GraphQl attacks and vulnerabilities

GraphQl attacks and vulnerabilities

Cyber Security Engineer

Full path disclosure (FPD) vulnerability

Full path disclosure (FPD) vulnerability

Cyber Security Engineer

Logjam attack against the TLS protocol

Logjam attack against the TLS protocol

Cyber Security Engineer

Private IP address disclosure

Private IP address disclosure

Cyber Security Engineer

What is authenticated vulnerability scanning?

What is authenticated vulnerability scanning?

Product Marketing Specialist

Disabling executable handling in PHP with disable_function

Disabling executable handling in PHP with disable_function

Cyber Security Engineer

Cross-site tracing (XST) vulnerability

Cross-site tracing (XST) vulnerability

Cyber Security Engineer

Email address disclosure

Email address disclosure

Cyber Security Engineer

Why DAST needs reinvention?

Why DAST needs reinvention?

Product Marketing Specialist

Domain spoofing: Types and how to prevent them

Domain spoofing: Types and how to prevent them

The DROWN attack

The DROWN attack

Co-founder, Director

Remote file inclusion

Remote file inclusion

Cyber Security Engineer

Authenticated vs unauthenticated scans

Authenticated vs unauthenticated scans

Product Marketing Specialist

What is SaaS penetration testing?

What is SaaS penetration testing?

Product Marketing Specialist

Cyber Security Engineer

Virtual hosts vulnerability

Virtual hosts vulnerability

Cyber Security Engineer

Secrets at the Command Line

Secrets Management

Secrets at the Command Line

Cyber Security Lead Engineer

DevSecOps Vs SecDevOps

DevSecOps Vs SecDevOps

Product Marketing Specialist

Secrets in Terraform

Secrets Management

Secrets in Terraform

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Secrets in Jenkins

Secrets Management

Secrets in Jenkins

DevSecOps Engineer

What is HTTP Response Header Injection?

What is HTTP Response Header Injection?

Product Marketing Specialist

Insecure Redirection

Insecure Redirection

Product Marketing Specialist

What is Shellshock vulnerability?

What is Shellshock vulnerability?

Product Marketing Specialist

Secrets in Kubernetes

Secrets Management

Secrets in Kubernetes

Cyber Security Lead Engineer

Secrets Management

Cyber Security Engineer

How to handle secrets in Python?

Secrets Management

How to handle secrets in Python?

Cyber Security Engineer

How to handle secrets in docker?

Secrets Management

How to handle secrets in docker?

Cyber Security Engineer

A guide to Secrets operations (SOPS)

Secrets Management

A guide to Secrets operations (SOPS)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Broken Access Control

Broken Access Control

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

ROBOT Attack (Breitenbacher RSA)

ROBOT Attack (Breitenbacher RSA)

Nikhil Anilkumar

Nikhil Anilkumar

DevSecOps Engineer

Format String Vulnerability

Format String Vulnerability

Cyber Security Engineer

What is phishing and how to stay safe?

What is phishing and how to stay safe?

Product Marketing Specialist

DOME CTF: Boosting ethical hacking & Beagle Security platform’s R&D

DOME CTF: Boosting ethical hacking & Beagle Security platform’s R&D

Product Marketing Specialist

7 limitations of vulnerability scanners

7 limitations of vulnerability scanners

Product Marketing Specialist

Clickjacking attack

Clickjacking attack

Cyber Security Engineer

Vulnerability management using AI

Vulnerability management using AI

Benefits of credentialed scans

Benefits of credentialed scans

Product Marketing Specialist

Why DAST should be the cornerstone of your application security program?

Why DAST should be the cornerstone of your application security pro...

Product Marketing Specialist

What are the common REST API security vulnerabilities?

What are the common REST API security vulnerabilities?

Cyber Security Engineer

The 7 Best Veracode Alternatives in the Market Today

The 7 Best Veracode Alternatives in the Market Today

Marketing Associate

DAST vs SAST: What are the differences and how to combine them

DAST vs SAST: What are the differences and how to combine them

Cyber Security Engineer

The Role of Bug Tracking in Ensuring Your Web Application's Security

The Role of Bug Tracking in Ensuring Your Web Application's Security

Head of Marketing, Bugasura

What is continuous penetration testing? Benefits & implementation

What is continuous penetration testing? Benefits & implementation

Marketing Associate

Personal Data Protection bill explained with seven expert opinions

Personal Data Protection bill explained with seven expert opinions

Content Specialist

Crucial Components for a Web Application Security Assessment

Crucial Components for a Web Application Security Assessment

Cyber Security Engineer

Access Control Request Headers

Access Control Request Headers

Nikhil Anilkumar

Nikhil Anilkumar

DevSecOps Engineer

Nikhil Anilkumar

Nikhil Anilkumar

DevSecOps Engineer

Patch released for the critical OpenSSL vulnerability (CVE-2022-3602 & CVE-2022-3786)

Patch released for the critical OpenSSL vulnerability (CVE-2022-360...

Content Specialist

Beagle Security is now a CERT-In Empaneled Information Security Audit Provider

Beagle Security is now a CERT-In Empaneled Information Security Aud...

Co-founder, Director

Content Specialist

How CISCO got Attacked by Yanluowang Ransomware Gang

How CISCO got Attacked by Yanluowang Ransomware Gang

Content Specialist

Zero-Day Vulnerabilities in Web Applications

Zero-Day Vulnerabilities in Web Applications

How DevSecOps is a Key Enabler for Digital Transformation

How DevSecOps is a Key Enabler for Digital Transformation

Cyber Security Engineer

OWASP top ten 2017

OWASP top ten 2017

Cyber Security Engineer

WordPress Plugin Reflected Cross Site Scripting

WordPress Plugin Reflected Cross Site Scripting

Cyber Security Engineer

WordPress Authenticated SQL Injection

WordPress Authenticated SQL Injection

Cyber Security Engineer

Beagle Security named a Leader in G2 Summer 2022 Reports

Beagle Security named a Leader in G2 Summer 2022 Reports

Missing Function Level Access Control OWASP 2013

Missing Function Level Access Control OWASP 2013

Cyber Security Engineer

Cross-site request forgery attack

Cross-site request forgery attack

Co-founder, Director

HTTP Strict Transport Security (HSTS) header set to less than six months

HTTP Strict Transport Security (HSTS) header set to less than six m...

Cyber Security Engineer

X-XSS-Protection header invalid

X-XSS-Protection

X-XSS-Protection header invalid

Co-founder, Director

Renegotiation allowing to insert data into HTTPS sessions

Renegotiation allowing to insert data into HTTPS sessions

Co-founder, Director

Lucky Thirteen attack against implementations of the Transport Layer Security

Lucky Thirteen attack against implementations of the Transport Laye...

Cyber Security Engineer

HTTP Strict Transport Security (HSTS) header on the invalid certificate chain

HTTP Strict Transport Security (HSTS) header on the invalid certifi...

Co-founder, Director

Cross-Origin Resource Sharing implemented with universal access

Cross-Origin Resource Sharing implemented with universal access

Co-founder, Director

Content Security Policy implemented with unsafe inline

Content Security Policy

Content Security Policy implemented with unsafe inline

Co-founder, Director

Content Security Policy (CSP) implemented with insecure scheme

Content Security Policy

Content Security Policy (CSP) implemented with insecure scheme

Cyber Security Lead Engineer

Content Security Policy (CSP) header cannot be parsed successfully

Content Security Policy

Content Security Policy (CSP) header cannot be parsed successfully

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

8 Login Tips to Stay Safe Online

8 Login Tips to Stay Safe Online

Content Writer at Software Tested

Spring4Shell Vulnerability: Analysis and Mitigation

Spring4Shell Vulnerability: Analysis and Mitigation

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Redirection from HTTP to HTTPS to a different host preventing HSTS

Client Side URL Redirect

Redirection from HTTP to HTTPS to a different host preventing HSTS

Cyber Security Lead Engineer

Redirection from HTTP to HTTPS to a different host preventing HSTS

Client Side URL Redirect

Redirection from HTTP to HTTPS to a different host preventing HSTS

Cyber Security Lead Engineer

A Comprehensive Guide to Web Application Security

A Comprehensive Guide to Web Application Security

Customer Service Manager at SSL2BUY

Two-factor authentication: How Beagle Security handles 2FA security testing

Two-factor authentication: How Beagle Security handles 2FA security...

SQL injection(SQLi)

SQL injection(SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

State of Application Security in the IT Sector

State of Application Security in the IT Sector

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Website contains Mercurial metadata directory

Website contains Mercurial metadata directory

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Sub resource Integrity (SRI) not implemented but all external scripts are loaded securely

Sub resource Integrity (SRI) not implemented but all external scrip...

Cyber Security Engineer

Factoring RSA Export Keys (FREAK) Attack

Factoring RSA Export Keys (FREAK) Attack

Cyber Security Engineer

Cyber Security Threats and Best Practices for Remote Workers

Cyber Security Threats and Best Practices for Remote Workers

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Fingerprinting Web Server

Fingerprinting Web Server

Co-founder, Director

Sensitive Data Exposure OWASP 2013

Sensitive Data Exposure OWASP 2013

Cyber Security Lead Engineer

Beagle Security listed among G2’s Best Security Products 2022

Beagle Security listed among G2’s Best Security Products 2022

What is ModSecurity? Installation Guide for Apache on Ubuntu

What is ModSecurity? Installation Guide for Apache on Ubuntu

Cyber Security Engineer

Beagle Security named a Leader in G2's Winter 2022 Report

Beagle Security named a Leader in G2's Winter 2022 Report

Why Automate Web Application Security Testing?

Why Automate Web Application Security Testing?

Co-founder, Director

OWASP Top 10 2021

OWASP Top 10 2021

Content Specialist

Cookie Theft: Phishing Campaign Targets YouTube Creators

Cookie Theft: Phishing Campaign Targets YouTube Creators

Software Engineer

Content Specialist

The Spy Write-up

The Spy Write-up

Cyber Security Lead Engineer

Cyber Security Lead Engineer

Rocket Write-up

Rocket Write-up

DevSecOps Engineer

Murder Write-up

Murder Write-up

International Space Station Write-up

International Space Station Write-up

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Farness Write-up

Farness Write-up

LockBox Write-up

LockBox Write-up

Cyber Security Engineer

Apache HTTP Server Path Traversal and Remote Code Execution

Apache HTTP Server Path Traversal and Remote Code Execution

Cyber Security Engineer

Microsoft MSHTML Remote Code Execution Vulnerability

Microsoft MSHTML Remote Code Execution Vulnerability

Cyber Security Engineer

Cyber Security Engineer

HTTP Request Smuggling

HTTP Request Smuggling

Co-founder, Director

Htaccess Bypass

Htaccess Bypass

Cyber Security Lead Engineer

Content Security Policy (CSP): Use Cases and Examples

Content Security Policy

Content Security Policy (CSP): Use Cases and Examples

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Remote Code Execution (RCE)

Remote Code Execution (RCE)

Co-founder, Director

Building Application Security in the Azure DevOps Pipeline

Building Application Security in the Azure DevOps Pipeline

Abey Koshy Itty

Abey Koshy Itty

Marketing Manager

How to Improve Web Application Security?

How to Improve Web Application Security?

Cyber Security Engineer

How AI is Transforming Cyber Security

How AI is Transforming Cyber Security

Here's What You Need to Know About WhatsApp's New Privacy Policy

Here's What You Need to Know About WhatsApp's New Privacy Policy

Abey Koshy Itty

Abey Koshy Itty

Marketing Manager

Session Security

Session Security

Server Side Request Forgery Attack

Server Side Request Forgery Attack

Sanjana Sanjeeva Shetty

Sanjana Sanjeeva Shetty

Security Engineer

Man-in-the-Middle (MITM) Attack: Types, Techniques and Prevention

Man-in-the-Middle (MITM) Attack: Types, Techniques and Prevention

Cyber Security Engineer

How to Respond to a Cyber Attack?

How to Respond to a Cyber Attack?

Abey Koshy Itty

Abey Koshy Itty

Marketing Manager

Nginx Server Security: Nginx Hardening Guide

Nginx Server Security: Nginx Hardening Guide

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

CMS Vulnerabilities: Why are CMS platforms common hacking targets?

CMS Vulnerabilities: Why are CMS platforms common hacking targets?

Cyber Security Engineer

Docker Container Security: Attacking Docker Vulnerabilities

Container security

Docker Container Security: Attacking Docker Vulnerabilities

Sanjana Sanjeeva Shetty

Sanjana Sanjeeva Shetty

Security Engineer

10 Common WordPress Errors That Should be Fixed

10 Common WordPress Errors That Should be Fixed

Director of Product Marketing,
WP Hacked Help

Machine Learning for Web Automation

Machine Learning for Web Automation

c0c0n XIII: DOME CTF 2020

c0c0n XIII: DOME CTF 2020

Abey Koshy Itty

Abey Koshy Itty

Marketing Manager

Hike to the Top Writeup

Hike to the Top Writeup

Cyber Security Engineer

Time Zone Writeup

Time Zone Writeup

DevSecOps Engineer

Cyber Security Lead Engineer

The Retrospect Writeup

The Retrospect Writeup

The Leaked List Writeup

The Leaked List Writeup

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Cyber Security Engineer

Qropolis Writeup

Qropolis Writeup

DevSecOps Engineer

Anandhu Krishnan

Anandhu Krishnan

Mercure’s Signature Dish Writeup

Mercure’s Signature Dish Writeup

Security Engineer

JimmyBot Writeup

JimmyBot Writeup

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Inside Out Writeup

Inside Out Writeup

Foundation Palette Writeup

Foundation Palette Writeup

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Black Propagation Writeup

Black Propagation Writeup

Assemble Writeup

Assemble Writeup

Adleman's Doc Writeup

Adleman's Doc Writeup

Cyber Security Engineer

The Dark Times Writeup

The Dark Times Writeup

Cyber Security Lead Engineer

Frames & Stories Writeup

Frames & Stories Writeup

5 Biggest Data Breaches of 2020

5 Biggest Data Breaches of 2020

Abey Koshy Itty

Abey Koshy Itty

Marketing Manager

How to Store and Secure Sensitive Data in Web Applications

How to Store and Secure Sensitive Data in Web Applications

Secure Firewall Configuration for Web Applications

Secure Firewall Configuration for Web Applications

Cyber Security Engineer

WordPress Security: Vulnerabilities and How to Improve Security

WordPress Security: Vulnerabilities and How to Improve Security

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

SIGRed: Microsoft DNS Server RCE Vulnerability

Information Leakage

SIGRed: Microsoft DNS Server RCE Vulnerability

Cyber Security Engineer

DNS Zone Transfer Vulnerability

Information Leakage

DNS Zone Transfer Vulnerability

Cyber Security Engineer

Importance of TLS 1.3: SSL and TLS Vulnerabilities

Importance of TLS 1.3: SSL and TLS Vulnerabilities

Hardening Server Security By Implementing Security Headers

Hardening Server Security By Implementing Security Headers

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Apache Web Server Hardening

Apache Web Server Hardening

DevSecOps Engineer

Artificial Intelligence in Cyber Security

Artificial Intelligence in Cyber Security

Cyber Security Engineer

Artificial Intelligence in Cyber Security

Artificial Intelligence in Cyber Security

Cyber Security Engineer

Covid-19 Cyber Attacks: How Attackers are Exploiting the Crisis

Covid-19 Cyber Attacks: How Attackers are Exploiting the Crisis

Abey Koshy Itty

Abey Koshy Itty

Marketing Manager

Why Small Businesses Should Invest in Cybersecurity?

Why Small Businesses Should Invest in Cybersecurity?

Abey Koshy Itty

Abey Koshy Itty

Marketing Manager

Why Small Businesses Should Invest in Cybersecurity?

Why Small Businesses Should Invest in Cybersecurity?

Abey Koshy Itty

Abey Koshy Itty

Marketing Manager

5 Ways to Improve Your Web Application Security in 2020

5 Ways to Improve Your Web Application Security in 2020

Abey Koshy Itty

Abey Koshy Itty

Marketing Manager

5 Ways to Improve Your Web Application Security in 2020

5 Ways to Improve Your Web Application Security in 2020

Abey Koshy Itty

Abey Koshy Itty

Marketing Manager

Alexa, Google Home and Siri Can Be Hacked Using Laser Light

Client Side URL Redirect

Alexa, Google Home and Siri Can Be Hacked Using Laser Light

DevSecOps Engineer

Alexa, Google Home and Siri Can Be Hacked Using Laser Light

Client Side URL Redirect

Alexa, Google Home and Siri Can Be Hacked Using Laser Light

DevSecOps Engineer

High Severity Flaws Discovered in Nvidia Shield TV and Intel NUCs

High Severity Flaws Discovered in Nvidia Shield TV and Intel NUCs

Anandhu Krishnan

Anandhu Krishnan

Critical RCE Vulnerability Found in iTerm2 MacOS Terminal Emulator App

Critical RCE Vulnerability Found in iTerm2 MacOS Terminal Emulator App

Cyber Security Lead Engineer

WordPress Versions

WordPress Versions

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

WordPress Themes

WordPress Themes

Cyber Security Engineer

WordPress Plugin Vulnerabilities

WordPress Plugin Vulnerabilities

Cyber Security Engineer

Union Query SQL Injection (SQLi)

Union Query SQL Injection (SQLi)

Cyber Security Engineer

Transport Layer Security

Transport Layer Security

Co-founder, Director

The unseen Drupal

The unseen Drupal

Cyber Security Lead Engineer

TLS(Transport Layer Security) protocol version outdated

TLS(Transport Layer Security) protocol version outdated

Co-founder, Director

Stacked Queries SQL Injection (SQLi)

Stacked Queries SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

SSL(Secure Sockets Layer) protocol version outdated

SSL(Secure Sockets Layer) protocol version outdated

Cyber Security Engineer

Inline Queries SQL Injection (SQLi)

Inline Queries SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Error based SQL Injection (SQLi)

Error based SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Cookie session without 'Secure' flag

Cookies Attributes

Cookie session without 'Secure' flag

Co-founder, Director

Boolean based Blind SQL Injection (SQLi)

Boolean based Blind SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

OWASP top ten 2013

OWASP top ten 2013

Application Threat Modeling

Application Threat Modeling

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

WordPress SQL Injection

WordPress SQL Injection

Cyber Security Engineer

WordPress Blind SQL Injection

Blind SQL Injection

WordPress Blind SQL Injection

Cyber Security Engineer

Document Object Model Based Cross Site Scripting

Document Object Model Based Cross Site Scripting

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

WordPress Directory traversal

Directory traversal

WordPress Directory traversal

Cyber Security Engineer

WordPress Cross-Site Scripting

WordPress Cross-Site Scripting

Co-founder, Director

Using Components with Known Vulnerabilities

Using Components with Known Vulnerabilities

Co-founder, Director

Unvalidated Redirects and Forwards

Unvalidated Redirects and Forwards

Co-founder, Director

Sensitive Data Exposure

Sensitive Data Exposure

Cyber Security Lead Engineer

Cyber Security Engineer

Lightweight Directory Access Protocol (LDAP) injection

Lightweight Directory Access Protocol (LDAP) injection

Cyber Security Engineer

Lack of wildcard DNS entry found

Lack of wildcard DNS entry found

Cyber Security Engineer

Insufficient Logging And Monitoring

Insufficient Logging And Monitoring

Cyber Security Engineer

Insecure Direct Object References

Insecure Direct Object References

Cyber Security Engineer

Insecure Deserialization

Insecure Deserialization

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Cross Site Scripting

Cross Site Scripting

Co-founder, Director

Broken Authentication

Broken Authentication

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

X-XSS-Protection Not Implemented

X-XSS-Protection

X-XSS-Protection Not Implemented

Cyber Security Engineer

Website contains SVN metadata directory

Website contains SVN metadata directory

Cyber Security Lead Engineer

Website contains Git metadata directory

Website contains Git metadata directory

Cyber Security Engineer

Web based mail package

Web based mail package

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Web based mail package

Web based mail package

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Tickets option leak uninitialised memory

Tickets option leak uninitialised memory

Cyber Security Engineer

The RC4 algorithm In Transport Layer Security and Secure Sockets Layer

The RC4 algorithm In Transport Layer Security and Secure Sockets Layer

Cyber Security Engineer

Subresource Integrity (SRI) implemented, but external scripts are loaded over http

Subresource Integrity (SRI) implemented, but external scripts are l...

Cyber Security Lead Engineer

Subresource Integrity (SRI) is not implemented, and external scripts are not loaded securely

Subresource Integrity (SRI) is not implemented, and external script...

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Site did not return a status code of 200

Site did not return a status code of 200

Cyber Security Engineer

Session Cookie set without 'Secure' Flag but protected by HSTS

Cookies Attributes

Session Cookie set without 'Secure' Flag but protected by HSTS

Cyber Security Engineer

Session Cookie set without 'Secure' Flag but protected by HSTS

Cookies Attributes

Session Cookie set without 'Secure' Flag but protected by HSTS

Cyber Security Engineer

Co-founder, Director

Processing of Change Cipher Spec

Processing of Change Cipher Spec

Cyber Security Lead Engineer

Obtain plaintext by observing length differences

Obtain plaintext by observing length differences

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Logjam common primes

Logjam common primes

Cyber Security Engineer

Information leakage in EXIF data of images

Information Leakage

Information leakage in EXIF data of images

Co-founder, Director

Heartbleed vulnerability

Heartbleed vulnerability

Cyber Security Lead Engineer

HTTP Strict Transport Security (HSTS) header not implemented

HTTP Strict Transport Security (HSTS) header not implemented

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

HTTP Strict Transport Security header not available over HTTPS

HTTP Strict Transport Security header not available over HTTPS

Cyber Security Engineer

HTTP Strict Transport Security (HSTS) header cannot be recognised

HTTP Strict Transport Security (HSTS) header cannot be recognised

Cyber Security Engineer

Cross-Origin Resource Sharing XML cannot be parsed

Cross-Origin Resource Sharing XML cannot be parsed

Cyber Security Engineer

Cookies SameSite flag invalid

Cookies Attributes

Cookies SameSite flag invalid

Cyber Security Lead Engineer

Cookie without 'Secure' flag but protect by HSTS

Cookie without 'Secure' flag but protect by HSTS

Cyber Security Engineer

Cookie set without 'Secure' flag

Cookies Attributes

Cookie set without 'Secure' flag

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Cookie anti-CSRF flag without SameSite flag

Cookies Attributes

Cookie anti-CSRF flag without SameSite flag

Cyber Security Engineer

Cookie anti-CSRF flag without SameSite flag

Cookies Attributes

Cookie anti-CSRF flag without SameSite flag

Cyber Security Engineer

Content Security Policy (CSP) header not implemented

Content Security Policy

Content Security Policy (CSP) header not implemented

Cyber Security Engineer

Co-founder, Director

Co-founder, Director

Time based Blind SQL Injection (SQLi)

Time Based Blind SQL Injection

Time based Blind SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Time based Blind SQL Injection (SQLi)

Time Based Blind SQL Injection

Time based Blind SQL Injection (SQLi)

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

IBM DB Boolean based blind sql injection

IBM DB Boolean based blind sql injection

Cyber Security Lead Engineer

IBM DB Boolean based blind sql injection

IBM DB Boolean based blind sql injection

Cyber Security Lead Engineer

IBM DB Boolean based blind sql injection

IBM DB Boolean based blind sql injection

Cyber Security Lead Engineer

Cookie session without 'HttpOnly' flag

Cookies Attributes

Cookie session without 'HttpOnly' flag

Cyber Security Engineer

Redirects to HTTPS eventually, but initial redirection is to another HTTP URL

Client Side URL Redirect

Redirects to HTTPS eventually, but initial redirection is to anothe...

Co-founder, Director

Redirects, but final destination is not an HTTPS URL.

Client Side URL Redirect

Redirects, but final destination is not an HTTPS URL.

Co-founder, Director

Does not redirect to a HTTPS site from HTTP port

Client Side URL Redirect

Does not redirect to a HTTPS site from HTTP port

Manieendar Mohan

Manieendar Mohan

Cyber Security Lead Engineer

Experience the power of automated penetration testing & contextual reporting.