latest articles | Beagle Security Blog

Latest Articles

Email injection attack: Impact, example & prevention

24 Mar 2023

Continue reading

What are the common REST API security vulnerabilities?

08 Mar 2023

The 7 Best Veracode Alternatives in the Market Today

06 Feb 2023

DAST vs SAST: What are the differences and how to combine them

26 Jan 2023

Internal Penetration Testing: The Definitive Guide [2023]

19 Jan 2023

The Role of Bug Tracking in Ensuring Your Web Application's Security

11 Jan 2023

What is continuous penetration testing? Benefits & implementation

04 Jan 2023

Personal Data Protection bill explained with seven expert opinions

28 Dec 2022

Crucial Components for a Web Application Security Assessment

19 Dec 2022

Access Control Request Headers

11 Dec 2022

06 Dec 2022

Top Black Friday and Cyber Monday SaaS Deals [2022]

21 Nov 2022

Patch released for the critical OpenSSL vulnerability (CVE-2022-3602 & CVE-2022-3786)

02 Nov 2022

Beagle Security is now a CERT-In Empaneled Information Security Audit Provider

29 Sep 2022

26 Sep 2022

How CISCO got Attacked by Yanluowang Ransomware Gang

18 Aug 2022

Zero-Day Vulnerabilities in Web Applications

18 Jul 2022

How DevSecOps is a Key Enabler for Digital Transformation

10 Jul 2022

OWASP top ten 2017

04 Jul 2022

External redirection

02 Jul 2022

WordPress Plugin Reflected Cross Site Scripting

29 Jun 2022

WordPress Authenticated SQL Injection

29 Jun 2022

Session Fixation Attack

29 Jun 2022

Remote File Inclusion

29 Jun 2022

Old Backup and Unreferenced files

29 Jun 2022

Beagle Security named a Leader in G2 Summer 2022 Reports

28 Jun 2022

WordPress arbitrary file upload and download

26 Jun 2022

WordPress MediaElement Cross-Site Scripting

26 Jun 2022

WordPress Default localhost vulnerability

26 Jun 2022

WordPress Authenticated JavaScript File Upload

26 Jun 2022

Insecure FrontPage extension configuration

26 Jun 2022

Virtual hosts found

24 Jun 2022

Server-Side Includes (SSI) Injection

24 Jun 2022

Missing Function Level Access Control OWASP 2013

24 Jun 2022

Lack of HTTP Strict Transport Security(HSTS)

24 Jun 2022

Information leakage using meta tag

24 Jun 2022

Cross-site request forgery attack

24 Jun 2022

HTTP Strict Transport Security (HSTS) header set to less than six months

22 Jun 2022

X-XSS-Protection

X-XSS-Protection header invalid

19 Jun 2022

Renegotiation allowing to insert data into HTTPS sessions

19 Jun 2022

Lucky Thirteen attack against implementations of the Transport Layer Security

19 Jun 2022

HTTP Strict Transport Security (HSTS) header on the invalid certificate chain

19 Jun 2022

19 Jun 2022

Cross-Origin Resource Sharing implemented with universal access

19 Jun 2022

Content Security Policy

Content Security Policy implemented with unsafe inline

19 Jun 2022

Content Security Policy (CSP) implemented with unsafe-eval

19 Jun 2022

Content Security Policy

Content Security Policy (CSP) implemented with insecure scheme

19 Jun 2022

Content Security Policy

Content Security Policy (CSP) header cannot be parsed successfully

19 Jun 2022

Content Security Policy (CSP) implemented with the insecure scheme in passive content only

19 Jun 2022

8 Login Tips to Stay Safe Online

16 Jun 2022

Spring4Shell Vulnerability: Analysis and Mitigation

08 Jun 2022

Referrer-Policy header cannot be recognized

05 Jun 2022

Client Side URL Redirect

/

Redirection from HTTP to HTTPS to a different host preventing HSTS

05 Jun 2022

Zoom Patches “Zero-Click” RCE Bug

31 May 2022

A Comprehensive Guide to Web Application Security

26 May 2022

WordPress Multiple Themes Privilege Escalation

26 May 2022

Revealing phpinfo()

24 May 2022

Two-factor authentication: How Beagle Security handles 2FA security testing

08 May 2022

X-Content-Type-Options header not implemented

05 May 2022

X-Content-Type-Options header cannot be recognized

05 May 2022

SQL injection(SQLi)

04 May 2022

Symantec SSL/TLS check

02 May 2022

Reflected Cross Site Scripting

02 May 2022

PHP session.use_trans_sid Session Hijacking

02 May 2022

PHP expose_php is on

02 May 2022

PHP default_charset is none

02 May 2022

Memcache injection

02 May 2022

WordPress Slider Revolution Local File Disclosure

26 Apr 2022

WordPress Host header attack

26 Apr 2022

24 Apr 2022

State of Application Security in the IT Sector

19 Apr 2022

Website contains Mercurial metadata directory

19 Apr 2022

Sub resource Integrity (SRI) not implemented but all external scripts are loaded securely

19 Apr 2022

Logjam attack against the TLS protocol

19 Apr 2022

Factoring RSA Export Keys (FREAK) Attack

19 Apr 2022

Cyber Security Threats and Best Practices for Remote Workers

13 Apr 2022

Fingerprinting Web Server

04 Apr 2022

Phpinfo() PHP Magic Quotes Gpc is On

02 Apr 2022

Phpinfo() Memory Limit

02 Apr 2022

TLS Safari compatibility

02 Apr 2022

TLS Internet Explorer compatibility

02 Apr 2022

Server Vulnerabilities And Misconfiguration For Sensitive Information

02 Apr 2022

Server Certificate Validation Through OCSP Stapling

02 Apr 2022

Generic Map Nomatch

02 Apr 2022

What is Shift Left Security? Benefits and Best Practices

01 Apr 2022

Common Backdoors

29 Mar 2022

Sensitive Data Exposure OWASP 2013

24 Mar 2022

Why is penetration testing important for businesses?

09 Mar 2022

WordPress User enumeration

05 Mar 2022

WordPress Improper handling of post metadata check

02 Mar 2022

Test For Checking CGI Force Redirect

02 Mar 2022

Remote administrative access

02 Mar 2022

Beagle Security listed among G2’s Best Security Products 2022

10 Feb 2022

What is ModSecurity? Installation Guide for Apache on Ubuntu

08 Feb 2022

PwnKit (CVE-2021-4034): Linux system service bug

25 Jan 2022

Web Cache Deception

16 Jan 2022

Beagle Security named a Leader in G2's Winter 2022 Report

08 Jan 2022

Why Automate Web Application Security Testing?

07 Jan 2022

Web Cache Poisoning

01 Jan 2022

OWASP Top 10 2021

29 Dec 2021

5 Biggest Data Breaches of 2021

18 Dec 2021

Log4j Vulnerability

13 Dec 2021

Cookie Theft: Phishing Campaign Targets YouTube Creators

22 Nov 2021

22 Nov 2021

The Spy Write-up

20 Nov 2021

20 Nov 2021

Rocket Write-up

20 Nov 2021

Murder Write-up

20 Nov 2021

20 Nov 2021

International Space Station Write-up

20 Nov 2021

Farness Write-up

20 Nov 2021

LockBox Write-up

20 Nov 2021

File Inclusion Vulnerabilities

31 Oct 2021

Beagle Security Cosmog: Penetration testing for internal web apps

19 Oct 2021

Apache HTTP Server Path Traversal and Remote Code Execution

18 Oct 2021

Microsoft MSHTML Remote Code Execution Vulnerability

13 Oct 2021

Domain Spoofing: Types and How to Prevent Them

20 Sep 2021

API Security Testing: Importance, Risks and Best Practices

27 Aug 2021

14 Jul 2021

HTTP Request Smuggling

09 Jun 2021

Vulnerable Javascript Library

08 Jun 2021

Serverless Computing: Security and Challenges

31 May 2021

Cross Domain JavaScript Source File Inclusion

21 May 2021

Htaccess Bypass

30 Apr 2021

Insecure File Upload

27 Apr 2021

Content security policy

Content Security Policy (CSP): Use Cases and Examples

20 Apr 2021

Remote Code Execution (RCE)

08 Apr 2021

Building Application Security in the Azure DevOps Pipeline

10 Feb 2021

How to Improve Web Application Security?

29 Jan 2021

How AI is Transforming Cyber Security

20 Jan 2021

Here's What You Need to Know About WhatsApp's New Privacy Policy

10 Jan 2021

Session Security

29 Dec 2020

Server Side Request Forgery Attack

15 Dec 2020

Man-in-the-Middle (MITM) Attack: Types, Techniques and Prevention

03 Dec 2020

How to Respond to a Cyber Attack?

23 Nov 2020

Nginx Server Security: Nginx Hardening Guide

13 Nov 2020

CMS Vulnerabilities: Why are CMS platforms common hacking targets?

05 Nov 2020

Container security

Docker Container Security: Attacking Docker Vulnerabilities

29 Oct 2020

10 Common WordPress Errors That Should be Fixed

19 Oct 2020

Machine Learning for Web Automation

09 Oct 2020

5 Biggest Data Breaches of 2020

16 Sep 2020

How to Store and Secure Sensitive Data in Web Applications

07 Sep 2020

SMBGhost Vulnerability (CVE-2020-0796)

31 Aug 2020

PHP-FPM Vulnerability (CVE-2019-11043) with NGINX

31 Aug 2020

Secure Firewall Configuration for Web Applications

25 Aug 2020

Social Engineering Attacks: Techniques, Examples and Prevention

13 Aug 2020

DMARC Security: Securing Email With DMARC

03 Aug 2020

WordPress Security: Vulnerabilities and How to Improve Security

21 Jul 2020

Information Leakage

SIGRed: Microsoft DNS Server RCE Vulnerability

15 Jul 2020

Information Leakage

DNS Zone Transfer Vulnerability

14 Jul 2020

Importance of TLS 1.3: SSL and TLS Vulnerabilities

06 Jul 2020

Hardening Server Security By Implementing Security Headers

27 Jun 2020

Apache Web Server Hardening

15 Jun 2020

/

Artificial Intelligence in Cyber Security

26 May 2020

Covid-19 Cyber Attacks: How Attackers are Exploiting the Crisis

23 Apr 2020

/

Why Small Businesses Should Invest in Cybersecurity?

05 Jan 2020

/

5 Ways to Improve Your Web Application Security in 2020

01 Jan 2020

Client Side URL Redirect

/

Alexa, Google Home and Siri Can Be Hacked Using Laser Light

06 Nov 2019

High Severity Flaws Discovered in Nvidia Shield TV and Intel NUCs

14 Oct 2019

Critical RCE Vulnerability Found in iTerm2 MacOS Terminal Emulator App

12 Oct 2019

Beagle Security is Ready: Web Application Security Testing Solution

02 Oct 2019

Beagle Beta is ready

04 Jul 2018

SecDevOps vs DevSecOps

04 Jul 2018

WordPress Versions

04 Jul 2018

WordPress Themes

04 Jul 2018

WordPress Plugin Vulnerabilities

04 Jul 2018

Union Query SQL Injection (SQLi)

04 Jul 2018

Transport Layer Security

04 Jul 2018

The unseen Drupal

04 Jul 2018

TLS(Transport Layer Security) protocol version outdated

04 Jul 2018

Stacked Queries SQL Injection (SQLi)

04 Jul 2018

SSL(Secure Sockets Layer) protocol version outdated

04 Jul 2018

SRI HTML not parsable

04 Jul 2018

PHP Config contain database IDs and passwords.

04 Jul 2018

Inline Queries SQL Injection (SQLi)

04 Jul 2018

Information leakage of the web application's directory or folder path

04 Jul 2018

Error based SQL Injection (SQLi)

04 Jul 2018

Cookies Attributes

Cookie session without 'Secure' flag

04 Jul 2018

Boolean based Blind SQL Injection (SQLi)

04 Jul 2018

OWASP top ten 2013

04 Jul 2018

Application Threat Modeling

04 Jul 2018

Intelligent Security Testing

03 Jul 2018

Phpinfo() Upload Max Filesize

02 Jul 2018

Phpinfo() Open Base Directory Is Disabled

02 Jul 2018

Vignette Content Management Vulnerabilty

02 Jul 2018

User Information Disclosure

02 Jul 2018

Ultimate PHP Board Data Disclosure

02 Jul 2018

US Social Security Number disclosure

02 Jul 2018

Test for XML-RPC Interface

02 Jul 2018

Test For Oracle Application Server

02 Jul 2018

Upload Temp Directory is Everyone

02 Jul 2018

Test For Checking Session Cookie Httponly

02 Jul 2018

Test For Checking Magic Quotes Gpc is On

02 Jul 2018

Test For Checking File Uploads

02 Jul 2018

TLS OpenSSL compatibility

02 Jul 2018

TLS Firefox compatibility

02 Jul 2018

TLS Edge compatibility

02 Jul 2018

TLS Chrome compatibility

02 Jul 2018

TLS Android compatibility

02 Jul 2018

Stored Cross Site Scripting

02 Jul 2018

SSL Compression Methods

02 Jul 2018

Private IP Address Disclosure

02 Jul 2018

Potential Web Backdoor

02 Jul 2018

Password Autocomplete in Browser

02 Jul 2018

Parameter Tampering

02 Jul 2018

PHP session.save_path Security Restriction Bypass

02 Jul 2018

PHP session.hash_function is SHA

02 Jul 2018

PHP session.hash_function is MD5

02 Jul 2018

PHP register-globals is enabled

02 Jul 2018

PHP post_max_size show phpinfo()

02 Jul 2018

PHP display_errors is on

02 Jul 2018

PHP disable_functions Executable Handling

02 Jul 2018

PHP code injection

02 Jul 2018

PHP cURL Security Bypass

02 Jul 2018

PHP allow_url_include is enabled

02 Jul 2018

PHP allow_url_fopen is enabled

02 Jul 2018

PHP Higher Privilege execution

02 Jul 2018

Old TLS backward compatibility

02 Jul 2018

Modern TLS compatibility

02 Jul 2018

Missing Fallback Signaling Cipher Suite Value

02 Jul 2018

Microsoft Site Server Information Disclosure

02 Jul 2018

Microsoft RDS Arbitrary Remote Command Execution

02 Jul 2018

Meridian Integrated Personal Call Director Password Disclosure

02 Jul 2018

Joomla common log files

02 Jul 2018

Joomla admin page

02 Jul 2018

Joomla User Registration Process

02 Jul 2018

Joomla Debug Mode status

02 Jul 2018

Joomla Core vulnerability

02 Jul 2018

Intermediate TLS compatibility

02 Jul 2018

02 Jul 2018

Email address disclosure

02 Jul 2018

Dl PHP cgi.force_redirect disabled

02 Jul 2018

Cross origin Resource Sharing Implemented With Public Access

02 Jul 2018

Cross Origin Resource Sharing Not Implemented

02 Jul 2018

Cross Origin Resource Sharing Implemented With Restricted Access

02 Jul 2018

Credit Card number disclosure

02 Jul 2018

Content Type Header Missing

02 Jul 2018

Captcha Image Detected

02 Jul 2018

Bash Command Injection

02 Jul 2018

Application Error Disclosure

02 Jul 2018

Administration page exposure

02 Jul 2018

.htaccess LIMIT misconfiguration

29 Jun 2018

XML EXternal Entity injection

29 Jun 2018

WordPress Theme 'Elegant' Privilege Escalation

29 Jun 2018

WordPress Stored Cross-Site Scripting (XSS)

29 Jun 2018

WordPress Server Side Request Forgery

29 Jun 2018

WordPress SQL Injection

29 Jun 2018

WordPress PHP Object Injection

29 Jun 2018

WordPress Directory Traversal Attack

29 Jun 2018

Blind SQL Injection

WordPress Blind SQL Injection

29 Jun 2018

WordPress Authentication Bypass

29 Jun 2018

Unvalidated Document Object Model redirection

29 Jun 2018

Publicly Writable Directory

29 Jun 2018

Origin Spoof Access Restriction Bypass

29 Jun 2018

Insecure RIA cross domain policy

29 Jun 2018

Source code disclosure

29 Jun 2018

Document Object Model Based Cross Site Scripting

29 Jun 2018

Directory Traversal

29 Jun 2018

Common Administration Interfaces

29 Jun 2018

29 Jun 2018

Brute Force In IIS (Internet Information Services)

29 Jun 2018

Blind OS Command Injection Using Timing Attacks

29 Jun 2018

Wordpress Themes Email Spoofing

26 Jun 2018

WordPress unsafe redirect for login

26 Jun 2018

WordPress unpatched Denial Of Service (DoS)

26 Jun 2018

WordPress WPDB SQL Injection

26 Jun 2018

WordPress VideoJS plugins Cross-site Scripting (XSS)

26 Jun 2018

WordPress Themes Information Disclosure

26 Jun 2018

WordPress Slider Revolution Shell Upload

26 Jun 2018

WordPress Refraction Theme Multiple Vulnerabilities

26 Jun 2018

WordPress Reflected Cross-Site Scripting

26 Jun 2018

WordPress RSS and Atom Feed Escaping

26 Jun 2018

WordPress Plugin VideoJS and Cross Site Scripting

26 Jun 2018

WordPress Open Redirect

26 Jun 2018

WordPress Large File Upload Error XSS

26 Jun 2018

WordPress Key Weak Hashing

26 Jun 2018

WordPress Insufficient redirect validation

26 Jun 2018

WordPress HTML Language Attribute Escaping

26 Jun 2018

WordPress Filesystem Credentials Dialog CSRF

26 Jun 2018

WordPress Escape Version in Generator Tag

26 Jun 2018

Directory traversal

WordPress Directory traversal

26 Jun 2018

WordPress Cross-Site Scripting

26 Jun 2018

Ghostcat Vulnerability (CVE-2020–1938)

26 Jun 2018

Format string vulnerability

26 Jun 2018

26 Jun 2018

Document Object Model Cross Site Scripting on WordPress

26 Jun 2018

Authentication Bypass and Stored Cross Site Scripting

26 Jun 2018

PhpMyExplorer Directory traversal

24 Jun 2018

XPath Injection

24 Jun 2018

WebDAV Detection

24 Jun 2018

Using Components with Known Vulnerabilities

24 Jun 2018

Unvalidated Redirects and Forwards

24 Jun 2018

Unsecured HTTP cookies

24 Jun 2018

Unsafe preg_replace usage

24 Jun 2018

Unhandled error in web application

24 Jun 2018

Uncommon query string parameter

24 Jun 2018

Shellshock vulnerability

24 Jun 2018

Sensitive Data Exposure

24 Jun 2018

Rosetta flash vulnerability

24 Jun 2018

Remote OS Command Injection

24 Jun 2018

Regular expression Denial of Service vulnerability

24 Jun 2018

Reflected File Download vulnerability

24 Jun 2018

Potentially dangerous file

24 Jun 2018

Phishing vector vulnerability found

24 Jun 2018

PHP-Gastebuch Disclosing System Information

24 Jun 2018

24 Jun 2018

Local File Inclusion

24 Jun 2018

Lightweight Directory Access Protocol (LDAP) injection

24 Jun 2018

Lack of wildcard DNS entry found

24 Jun 2018

Insufficient Logging And Monitoring

24 Jun 2018

Insecure Redirection

24 Jun 2018

Insecure Direct Object References

24 Jun 2018

Insecure Deserialization

24 Jun 2018

Information sent using unencrypted channels

24 Jun 2018

IMAP/SMTP Injection

24 Jun 2018

HTTP response header injection

24 Jun 2018

HTTP Response Splitting Vulnerability

24 Jun 2018

HTTP Method Vulnerability Found

24 Jun 2018

Guessable credentials found

24 Jun 2018

Full Path Disclosure vulnerability

24 Jun 2018

Database can be read without authentication

24 Jun 2018

Cross-Site Tracing (XST) vulnerability

24 Jun 2018

Cross Site Scripting

24 Jun 2018

Common Gateway Interface Vulnerability

24 Jun 2018

Buffer overflow vulnerability

24 Jun 2018

Broken Authentication

24 Jun 2018

Broken Access Control

24 Jun 2018

Auto complete not disabled

24 Jun 2018

X-XSS-Protection

X-XSS-Protection Not Implemented

19 Jun 2018

Website contains SVN metadata directory

19 Jun 2018

Website contains Git metadata directory

19 Jun 2018

/

Web based mail package

19 Jun 2018

Tickets option leak uninitialised memory

19 Jun 2018

The RC4 algorithm In Transport Layer Security and Secure Sockets Layer

19 Jun 2018

The DROWN attack

19 Jun 2018

Subresource Integrity (SRI) implemented, but external scripts are loaded over http

19 Jun 2018

Subresource Integrity (SRI) is not implemented, and external scripts are not loaded securely

19 Jun 2018

Site did not return a status code of 200

19 Jun 2018

/

Cookies Attributes

Session Cookie set without 'Secure' Flag but protected by HSTS

19 Jun 2018

19 Jun 2018

ROBOT attack (Bleichenbacher RSA)

19 Jun 2018

Processing of Change Cipher Spec

19 Jun 2018

Obtain plaintext by observing length differences

19 Jun 2018

Logjam common primes

19 Jun 2018

Information Leakage

Information leakage in EXIF data of images

19 Jun 2018

Heartbleed vulnerability

19 Jun 2018

HTTP Strict Transport Security (HSTS) header not implemented

19 Jun 2018

HTTP Strict Transport Security header not available over HTTPS

19 Jun 2018

HTTP Strict Transport Security (HSTS) header cannot be recognised

19 Jun 2018

HTTP Public Key Pinning (HPKP) header cannot be recognised

19 Jun 2018

Fingerprinting Web Application Framework using HTTP headers

19 Jun 2018

Cross-Origin Resource Sharing XML cannot be parsed

19 Jun 2018

Cookies Attributes

Cookies SameSite flag invalid

19 Jun 2018

Cookie without 'Secure' flag but protect by HSTS

19 Jun 2018

Cookies Attributes

Cookie set without 'Secure' flag

19 Jun 2018

/

Cookies Attributes

Cookie anti-CSRF flag without SameSite flag

19 Jun 2018

Content Security Policy

Content Security Policy (CSP) header not implemented

19 Jun 2018

/

19 Jun 2018

Browser Exploit Against SSL/TLS

19 Jun 2018

/

Time Based Blind SQL Injection

Time based Blind SQL Injection (SQLi)

05 Jun 2018

/

/

IBM DB Boolean based blind sql injection

05 Jun 2018

Cookies Attributes

Cookie session without 'HttpOnly' flag

05 Jun 2018

X-XSS-Protection header disabled

05 Jun 2018

X-Frame-Options header not implemented

05 Jun 2018

X-Frame-Options header cannot be recognized

05 Jun 2018

Referrer-Policy header unsafely

05 Jun 2018

Client Side URL Redirect

Redirects to HTTPS eventually, but initial redirection is to another HTTP URL

05 Jun 2018

Client Side URL Redirect

Redirects, but final destination is not an HTTPS URL.

05 Jun 2018

Client Side URL Redirect

Invalid certificate chain encountered during redirection

05 Jun 2018

Client Side URL Redirect

Does not redirect to a HTTPS site from HTTP port

05 Jun 2018

Beagle Security helps you to proactively secure your web apps & APIs

with automated penetration testing & actionable remediation insights.