Latest articles

Stay up-to-date with the most recent insights and developments in the world of application security. Our latest articles cover cutting-edge techniques, emerging threats, and innovative solutions to help you fortify your applications.

Cross-Site Scripting (XSS): The hidden threat to web security

Co-founder, Director

Co-founder, Director

Blind OS command injection using timing attack

Blind OS command injection using timing attack

Cyber Security Engineer

Authentication bypass and stored cross site scripting

Authentication bypass and stored cross site scripting

Co-founder, Director

Common backdoors

Common backdoors

Manieendar Mohan

Cyber Security Lead Engineer

TLS Firefox compatibility

TLS Firefox compatibility

Co-founder, Director

WordPress key weak hashing

WordPress key weak hashing

Cyber Security Engineer

Information sent using unencrypted channels

Information sent using unencrypted channels

Manieendar Mohan

Cyber Security Lead Engineer

Information leakage of the web application's directory or folder path

Information leakage of the web application's directory or folder path

Cyber Security Lead Engineer

Information leakage using meta tag

Information leakage using meta tag

Cyber Security Engineer

Sensitive data exposure

Sensitive data exposure

Cyber Security Lead Engineer

Potentially dangerous file

Potentially dangerous file

Cyber Security Lead Engineer

Symfony database configuration exposure

Symfony database configuration exposure

Cyber Security Engineer

Test for checking file uploads

Test for checking file uploads

Co-founder, Director

TLS OpenSSL compatibility

TLS OpenSSL compatibility

Cyber Security Engineer

The SWEET32 attack

The SWEET32 attack

Co-founder, Director

Server-Side Includes (SSI) injection

Server-Side Includes (SSI) injection

Cyber Security Lead Engineer

Webflow subdomain takeover detection

Webflow subdomain takeover detection

Cyber Security Engineer

WebDAV detection

WebDAV detection

Co-founder, Director

Content Security Policy (CSP) header not implemented

Content Security Policy (CSP) header not implemented

Cyber Security Engineer

XML-RPC (Remote Procedure Call)

XML-RPC (Remote Procedure Call)

Manieendar Mohan

Cyber Security Lead Engineer

Master API security: Securing your entire API ecosystem with Beagle Security’s API discovery

Master API security: Securing your entire API ecosystem with Beagle...

Product Marketing Specialist

Parameter tampering attack

Parameter tampering attack

Cyber Security Engineer

The unseen Drupal

The unseen Drupal

Cyber Security Lead Engineer

Atlassian Jira template injection vulnerabilities

Atlassian Jira template injection vulnerabilities

Cyber Security Engineer

Emby server SSRF

Emby server SSRF

Website contains git metadata directory

Website contains git metadata directory

Manieendar Mohan

Cyber Security Lead Engineer

Time based blind SQL injection

Time based blind SQL injection

Manieendar Mohan

Cyber Security Lead Engineer

Cookie session without a secure flag

Cookie session without a secure flag

Co-founder, Director

File handling vulnerability

File handling vulnerability

Manieendar Mohan

Cyber Security Lead Engineer

Components with known vulnerabilities

Components with known vulnerabilities

Co-founder, Director

PUT method enabled

PUT method enabled

Cyber Security Engineer

Remote access code

Remote access code

Cyber Security Engineer

Rosetta flash vunerability

Rosetta flash vunerability

Cyber Security Lead Engineer

Inline queries SQL injection

Inline queries SQL injection

Manieendar Mohan

Cyber Security Lead Engineer

D-Link arbitrary file upload

D-Link arbitrary file upload

CRLF injection vulnerability

CRLF injection vulnerability

Anandhu Krishnan

Error based SQL Injection

Error based SQL Injection

Manieendar Mohan

Cyber Security Lead Engineer

Boolean based blind SQL Injection

Boolean based blind SQL Injection

Manieendar Mohan

Cyber Security Lead Engineer

Denial of Service (DoS) attack

Denial of Service (DoS) attack

Product Marketing Specialist

Union Query SQL Injection (SQLi)

Union Query SQL Injection (SQLi)

Cyber Security Engineer

Stored cross site scripting

Stored cross site scripting

Cyber Security Lead Engineer

The Logjam common primes

The Logjam common primes

Cyber Security Engineer

What is the main difference between vulnerability scanning and penetration testing?

What is the main difference between vulnerability scanning and pene...

Product Marketing Specialist

WordPress arbitrary file upload

WordPress arbitrary file upload

Co-founder, Director

Ansible Configuration Exposure

Ansible Configuration Exposure

Co-founder, Director

What is Shift Left Security? Benefits and Best Practices

What is Shift Left Security? Benefits and Best Practices

Product Marketing Specialist

PHP code injection

PHP code injection

Co-founder, Director

Phpinfo() PHP Magic Quotes Gpc is On

Phpinfo() PHP Magic Quotes Gpc is On

Co-founder, Director

Exposed SVN directory

Exposed SVN directory

Manieendar Mohan

Cyber Security Lead Engineer

How to integrate DAST into your Travis CI/CD pipeline?

How to integrate DAST into your Travis CI/CD pipeline?

Product Marketing Specialist

HTTP Response Splitting Vulnerability

HTTP Response Splitting Vulnerability

Cyber Security Engineer

The 6 best OWASP security testing tools in 2024

The 6 best OWASP security testing tools in 2024

Product Marketing Specialist

4 best DAST tools in 2024

4 best DAST tools in 2024

Product Marketing Specialist

5 best WordPress security plugins 2024

5 best WordPress security plugins 2024

Product Marketing Specialist

Misconfigured Docker on Default Port

Misconfigured Docker on Default Port

Cyber Security Engineer

PHP register-globals is enabled

PHP register-globals is enabled

Cyber Security Engineer

The RC4 algorithm In Transport Layer Security and Secure Sockets Layer

The RC4 algorithm In Transport Layer Security and Secure Sockets Layer

Cyber Security Engineer

CVE-2024-34102: Magento open source affected by an improper restriction of XXE vulnerability

CVE-2024-34102: Magento open source affected by an improper restric...

Product Marketing Specialist

SaaS security: How to secure SaaS applications?

SaaS security: How to secure SaaS applications?

Product Marketing Specialist

How to integrate DAST into AWS CodePipeline?

How to integrate DAST into AWS CodePipeline?

Product Marketing Specialist

How to integrate DAST into your CircleCI pipeline?

How to integrate DAST into your CircleCI pipeline?

Product Marketing Specialist

PHP display_errors is on

PHP display_errors is on

Co-founder, Director

Phpinfo() Memory Limit

Phpinfo() Memory Limit

Manieendar Mohan

Cyber Security Lead Engineer

CVE-2024-4577: Everything you need to know about PHP CGI Argument Injection vulnerability

CVE-2024-4577: Everything you need to know about PHP CGI Argument I...

Product Marketing Specialist

Remote Code Execution (RCE)

Remote Code Execution (RCE)

Co-founder, Director

WordPress PHP Object Injection

WordPress PHP Object Injection

Cyber Security Engineer

Modern TLS compatibility

Modern TLS compatibility

Co-founder, Director

Navigating the maze: What you need to know about software compliance standards

Navigating the maze: What you need to know about software complianc...

Product Marketing Specialist

Dockerrun AWS configuration exposure

Dockerrun AWS configuration exposure

Manieendar Mohan

Cyber Security Lead Engineer

How to integrate DAST into your Github Actions CI/CD pipeline?

How to integrate DAST into your Github Actions CI/CD pipeline?

Product Marketing Specialist

WordPress blind SQL injection

WordPress blind SQL injection

Cyber Security Engineer

Server vulnerabilities and misconfiguration for sensitive information

Server vulnerabilities and misconfiguration for sensitive information

Manieendar Mohan

Cyber Security Lead Engineer

WordPress Server Side Request Forgery (SSRF)

WordPress Server Side Request Forgery (SSRF)

Cyber Security Engineer

How to integrate DAST into your Bitbucket CI/CD pipeline?

How to integrate DAST into your Bitbucket CI/CD pipeline?

Product Marketing Specialist

Regular expression Denial of Service vulnerability (ReDoS)

Regular expression Denial of Service vulnerability (ReDoS)

Cyber Security Lead Engineer

Insecure Direct Object References

Insecure Direct Object References

Cyber Security Engineer

DAST vs penetration testing: Differences and how to combine them

DAST vs penetration testing: Differences and how to combine them

Product Marketing Specialist

The 7 best SaaS vulnerability scanners in 2024

The 7 best SaaS vulnerability scanners in 2024

Product Marketing Specialist

Web based mail package

Web based mail package

Manieendar Mohan

Cyber Security Lead Engineer

Reflected Cross Site Scripting

Reflected Cross Site Scripting

Cyber Security Engineer

WordPress security: Vulnerabilities and how to improve security

WordPress security: Vulnerabilities and how to improve security

Manieendar Mohan

Cyber Security Lead Engineer

Odoo 12.0 - Local File Inclusion

Odoo 12.0 - Local File Inclusion

Anandhu Krishnan

How to integrate DAST into your Jenkins CI/CD pipeline?

How to integrate DAST into your Jenkins CI/CD pipeline?

Product Marketing Specialist

Referrer-policy header cannot be recognized

Referrer-policy header cannot be recognized

Cyber Security Engineer

WordPress user enumeration

WordPress user enumeration

Co-founder, Director

Black box penetration testing

Black box penetration testing

Product Marketing Specialist

X-frames options header cannot be recognized

X-frames options header cannot be recognized

Cyber Security Lead Engineer

Revealing phpinfo()

Revealing phpinfo()

Cyber Security Lead Engineer

ThinkCMF-LFI vulnerability

ThinkCMF-LFI vulnerability

Cyber Security Engineer

Captcha image detected

Captcha image detected

Cyber Security Lead Engineer

Apache Tomcat Remote Code Execution (RCE)

Apache Tomcat Remote Code Execution (RCE)

Cyber Security Engineer

Uncommon query string parameter

Uncommon query string parameter

Co-founder, Director

Unsecured HTTPS cookies

Unsecured HTTPS cookies

Co-founder, Director

Apache Struts 2 S2 –008 RCE1

Apache Struts 2 S2 –008 RCE1

Manieendar Mohan

Cyber Security Lead Engineer

How to integrate DAST into your GitLab CI/CD pipeline?

How to integrate DAST into your GitLab CI/CD pipeline?

Product Marketing Specialist

X-XSS-protection header disabled

X-XSS-protection header disabled

Co-founder, Director

Browser exploit against SSL/TLS (BEAST attack)

Browser exploit against SSL/TLS (BEAST attack)

Cyber Security Engineer

Invalid certificate chain encountered during redirection

Invalid certificate chain encountered during redirection

Cyber Security Engineer

X-Frame options header not implemented

X-Frame options header not implemented

Co-founder, Director

Credit card number disclosure

Credit card number disclosure

Cyber Security Lead Engineer

Application error disclosure

Application error disclosure

Cyber Security Lead Engineer

Brute force in IIS

Brute force in IIS

Manieendar Mohan

Cyber Security Lead Engineer

What are the most common use cases of AI and ML?

What are the most common use cases of AI and ML?

Product Marketing Specialist

Common gateway interface vulnerability

Common gateway interface vulnerability

Cyber Security Lead Engineer

Bash command injection

Bash command injection

Cyber Security Lead Engineer

Potential web backdoor

Potential web backdoor

Cyber Security Engineer

Directory traversal attacks

Directory traversal attacks

Manieendar Mohan

Cyber Security Lead Engineer

XML external entity injection

XML external entity injection

Cyber Security Lead Engineer

SSL compression methods

SSL compression methods

Cyber Security Engineer

User information disclosure

User information disclosure

Cyber Security Engineer

Product Marketing Specialist

Source code disclosure

Source code disclosure

Cyber Security Engineer

OWASP Top 10 for mobile applications 2024

OWASP Top 10 for mobile applications 2024

Product Marketing Specialist

Remote OS Command injection

Remote OS Command injection

Manieendar Mohan

Cyber Security Lead Engineer

Memcached Injection

Memcached Injection

Cyber Security Engineer

Lack of HTTP Strict Transport Security (HSTS)

Lack of HTTP Strict Transport Security (HSTS)

Cyber Security Engineer

Insecure RIA cross domain policy

Insecure RIA cross domain policy

Cyber Security Lead Engineer

Buffer overflow vulnerability

Buffer overflow vulnerability

Cyber Security Engineer

GraphQL attacks and vulnerabilities

GraphQL attacks and vulnerabilities

Cyber Security Engineer

Full path disclosure (FPD) vulnerability

Full path disclosure (FPD) vulnerability

Cyber Security Engineer

Logjam attack against the TLS protocol

Logjam attack against the TLS protocol

Cyber Security Engineer

Private IP address disclosure

Private IP address disclosure

Cyber Security Engineer

What is authenticated vulnerability scanning?

What is authenticated vulnerability scanning?

Product Marketing Specialist

Disabling executable handling in PHP with disable_function

Disabling executable handling in PHP with disable_function

Cyber Security Engineer

Cross-site tracing (XST) vulnerability

Cross-site tracing (XST) vulnerability

Cyber Security Engineer

Email address disclosure

Email address disclosure

Cyber Security Engineer

Why DAST needs reinvention?

Why DAST needs reinvention?

Product Marketing Specialist

Domain spoofing: Types and how to prevent them

Domain spoofing: Types and how to prevent them

The DROWN attack

The DROWN attack

Co-founder, Director

Remote file inclusion

Remote file inclusion

Cyber Security Engineer

Authenticated vs unauthenticated scans

Authenticated vs unauthenticated scans

Product Marketing Specialist

What is SaaS penetration testing?

What is SaaS penetration testing?

Product Marketing Specialist

Cyber Security Engineer

Virtual hosts vulnerability

Virtual hosts vulnerability

Cyber Security Engineer

Secrets at the Command Line

Secrets Management

Secrets at the Command Line

Cyber Security Lead Engineer

DevSecOps Vs SecDevOps

DevSecOps Vs SecDevOps

Product Marketing Specialist

Secrets in Terraform

Secrets Management

Secrets in Terraform

Manieendar Mohan

Cyber Security Lead Engineer

Secrets in Jenkins

Secrets Management

Secrets in Jenkins

DevSecOps Engineer

What is HTTP Response Header Injection?

What is HTTP Response Header Injection?

Product Marketing Specialist

Insecure Redirection

Insecure Redirection

Product Marketing Specialist

What is Shellshock vulnerability?

What is Shellshock vulnerability?

Product Marketing Specialist

Secrets in Kubernetes

Secrets Management

Secrets in Kubernetes

Cyber Security Lead Engineer

Secrets Management

Cyber Security Engineer

How to handle secrets in Python?

Secrets Management

How to handle secrets in Python?

Cyber Security Engineer

How to handle secrets in docker?

Secrets Management

How to handle secrets in docker?

Cyber Security Engineer

A guide to Secrets operations (SOPS)

Secrets Management

A guide to Secrets operations (SOPS)

Manieendar Mohan

Cyber Security Lead Engineer

Broken Access Control

Broken Access Control

Manieendar Mohan

Cyber Security Lead Engineer

ROBOT Attack (Breitenbacher RSA)

ROBOT Attack (Breitenbacher RSA)

Nikhil Anilkumar

DevSecOps Engineer

Format String Vulnerability

Format String Vulnerability

Cyber Security Engineer

What is phishing and how to stay safe?

What is phishing and how to stay safe?

Product Marketing Specialist

DOME CTF: Boosting ethical hacking & Beagle Security platform’s R&D

DOME CTF: Boosting ethical hacking & Beagle Security platform’s R&D

Product Marketing Specialist

7 limitations of vulnerability scanners

7 limitations of vulnerability scanners

Product Marketing Specialist

Clickjacking attack

Clickjacking attack

Cyber Security Engineer

Vulnerability management using AI

Vulnerability management using AI

Manieendar Mohan

Cyber Security Lead Engineer

Benefits of credentialed scans

Benefits of credentialed scans

Product Marketing Specialist

Why DAST should be the cornerstone of your application security program?

Why DAST should be the cornerstone of your application security pro...

Product Marketing Specialist

What are the common REST API security vulnerabilities?

What are the common REST API security vulnerabilities?

Cyber Security Engineer

The 7 Best Veracode Alternatives in the Market Today

The 7 Best Veracode Alternatives in the Market Today

Marketing Associate

DAST vs SAST: What are the differences and how to combine them

DAST vs SAST: What are the differences and how to combine them

Cyber Security Engineer

The Role of Bug Tracking in Ensuring Your Web Application's Security

The Role of Bug Tracking in Ensuring Your Web Application's Security

Head of Marketing, Bugasura

What is continuous penetration testing? Benefits & implementation

What is continuous penetration testing? Benefits & implementation

Marketing Associate

Personal Data Protection bill explained with seven expert opinions

Personal Data Protection bill explained with seven expert opinions

Content Specialist

Crucial Components for a Web Application Security Assessment

Crucial Components for a Web Application Security Assessment

Cyber Security Engineer

Access Control Request Headers

Access Control Request Headers

Nikhil Anilkumar

DevSecOps Engineer

Nikhil Anilkumar

DevSecOps Engineer

Patch released for the critical OpenSSL vulnerability (CVE-2022-3602 & CVE-2022-3786)

Patch released for the critical OpenSSL vulnerability (CVE-2022-360...

Content Specialist

Beagle Security is now a CERT-In Empaneled Information Security Audit Provider

Beagle Security is now a CERT-In Empaneled Information Security Aud...

Co-founder, Director

Content Specialist

How CISCO got Attacked by Yanluowang Ransomware Gang

How CISCO got Attacked by Yanluowang Ransomware Gang

Content Specialist

Zero-Day Vulnerabilities in Web Applications

Zero-Day Vulnerabilities in Web Applications

How DevSecOps is a Key Enabler for Digital Transformation

How DevSecOps is a Key Enabler for Digital Transformation

Cyber Security Engineer

OWASP top ten 2017

OWASP top ten 2017

Cyber Security Engineer

External redirection

External redirection

Co-founder, Director

WordPress Plugin Reflected Cross Site Scripting

WordPress Plugin Reflected Cross Site Scripting

Cyber Security Engineer

WordPress Authenticated SQL Injection

WordPress Authenticated SQL Injection

Cyber Security Engineer

Old Backup and Unreferenced files

Old Backup and Unreferenced files

Manieendar Mohan

Cyber Security Lead Engineer

Beagle Security named a Leader in G2 Summer 2022 Reports

Beagle Security named a Leader in G2 Summer 2022 Reports

WordPress MediaElement Cross-Site Scripting

WordPress MediaElement Cross-Site Scripting

Cyber Security Engineer

WordPress Default localhost vulnerability

WordPress Default localhost vulnerability

Cyber Security Engineer

WordPress Authenticated JavaScript File Upload

WordPress Authenticated JavaScript File Upload

Co-founder, Director

Insecure FrontPage extension configuration

Insecure FrontPage extension configuration

Co-founder, Director

Missing Function Level Access Control OWASP 2013

Missing Function Level Access Control OWASP 2013

Cyber Security Engineer

Cross-site request forgery attack

Cross-site request forgery attack

Co-founder, Director

HTTP Strict Transport Security (HSTS) header set to less than six months

HTTP Strict Transport Security (HSTS) header set to less than six m...

Cyber Security Engineer

X-XSS-Protection header invalid

X-XSS-Protection

X-XSS-Protection header invalid

Co-founder, Director

Renegotiation allowing to insert data into HTTPS sessions

Renegotiation allowing to insert data into HTTPS sessions

Co-founder, Director

Lucky Thirteen attack against implementations of the Transport Layer Security

Lucky Thirteen attack against implementations of the Transport Laye...

Cyber Security Engineer

HTTP Strict Transport Security (HSTS) header on the invalid certificate chain

HTTP Strict Transport Security (HSTS) header on the invalid certifi...

Co-founder, Director

Cross-Origin Resource Sharing implemented with universal access

Cross-Origin Resource Sharing implemented with universal access

Co-founder, Director

Content Security Policy implemented with unsafe inline

Content Security Policy

Content Security Policy implemented with unsafe inline

Co-founder, Director

Content Security Policy (CSP) implemented with unsafe-eval

Content Security Policy (CSP) implemented with unsafe-eval

Co-founder, Director

Content Security Policy (CSP) implemented with insecure scheme

Content Security Policy

Content Security Policy (CSP) implemented with insecure scheme

Cyber Security Lead Engineer

Content Security Policy (CSP) header cannot be parsed successfully

Content Security Policy

Content Security Policy (CSP) header cannot be parsed successfully

Manieendar Mohan

Cyber Security Lead Engineer

Content Security Policy (CSP) implemented with the insecure scheme in passive content only

Content Security Policy (CSP) implemented with the insecure scheme ...

Cyber Security Engineer

8 Login Tips to Stay Safe Online

8 Login Tips to Stay Safe Online

Content Writer at Software Tested

Spring4Shell Vulnerability: Analysis and Mitigation

Spring4Shell Vulnerability: Analysis and Mitigation

Manieendar Mohan

Cyber Security Lead Engineer

Redirection from HTTP to HTTPS to a different host preventing HSTS

Client Side URL Redirect

Redirection from HTTP to HTTPS to a different host preventing HSTS

Cyber Security Lead Engineer

Zoom Patches “Zero-Click” RCE Bug

Zoom Patches “Zero-Click” RCE Bug

Content Specialist

A Comprehensive Guide to Web Application Security

A Comprehensive Guide to Web Application Security

Customer Service Manager at SSL2BUY

WordPress Multiple Themes Privilege Escalation

WordPress Multiple Themes Privilege Escalation

Cyber Security Engineer

Two-factor authentication: How Beagle Security handles 2FA security testing

Two-factor authentication: How Beagle Security handles 2FA security...

X-Content-Type-Options header not implemented

X-Content-Type-Options header not implemented

Cyber Security Engineer

X-Content-Type-Options header cannot be recognized

X-Content-Type-Options header cannot be recognized

Manieendar Mohan

Cyber Security Lead Engineer

SQL injection(SQLi)

SQL injection(SQLi)

Manieendar Mohan

Cyber Security Lead Engineer

Symantec SSL/TLS check

Symantec SSL/TLS check

Cyber Security Lead Engineer

PHP session.use_trans_sid Session Hijacking

PHP session.use_trans_sid Session Hijacking

Co-founder, Director

PHP expose_php is on

PHP expose_php is on

Manieendar Mohan

Cyber Security Lead Engineer

PHP default_charset is none

PHP default_charset is none

Cyber Security Engineer

WordPress Slider Revolution Local File Disclosure

WordPress Slider Revolution Local File Disclosure

Cyber Security Engineer

WordPress Host header attack

WordPress Host header attack

Cyber Security Engineer

State of Application Security in the IT Sector

State of Application Security in the IT Sector

Manieendar Mohan

Cyber Security Lead Engineer

Website contains Mercurial metadata directory

Website contains Mercurial metadata directory

Manieendar Mohan

Cyber Security Lead Engineer

Sub resource Integrity (SRI) not implemented but all external scripts are loaded securely

Sub resource Integrity (SRI) not implemented but all external scrip...

Cyber Security Engineer

Factoring RSA Export Keys (FREAK) Attack

Factoring RSA Export Keys (FREAK) Attack

Cyber Security Engineer

Cyber Security Threats and Best Practices for Remote Workers

Cyber Security Threats and Best Practices for Remote Workers

Manieendar Mohan

Cyber Security Lead Engineer

Fingerprinting Web Server

Fingerprinting Web Server

Co-founder, Director

TLS Safari compatibility

TLS Safari compatibility

Cyber Security Engineer

TLS Internet Explorer compatibility

TLS Internet Explorer compatibility

Co-founder, Director

Server Certificate Validation Through OCSP Stapling

Server Certificate Validation Through OCSP Stapling

Cyber Security Engineer

Generic Map Nomatch

Generic Map Nomatch

Co-founder, Director

Sensitive Data Exposure OWASP 2013

Sensitive Data Exposure OWASP 2013

Cyber Security Lead Engineer

Why is penetration testing important for businesses?

Why is penetration testing important for businesses?

Content Specialist

WordPress Improper handling of post metadata check

WordPress Improper handling of post metadata check

Co-founder, Director

Test For Checking CGI Force Redirect

Test For Checking CGI Force Redirect

Cyber Security Lead Engineer

Beagle Security listed among G2’s Best Security Products 2022

Beagle Security listed among G2’s Best Security Products 2022

What is ModSecurity? Installation Guide for Apache on Ubuntu

What is ModSecurity? Installation Guide for Apache on Ubuntu

Cyber Security Engineer

PwnKit (CVE-2021-4034): Linux system service bug

PwnKit (CVE-2021-4034): Linux system service bug

Content Specialist

Web Cache Deception

Web Cache Deception

Cyber Security Engineer

Splunk sensitive information disclosure

Splunk sensitive information disclosure

Co-founder, Director

Beagle Security named a Leader in G2's Winter 2022 Report

Beagle Security named a Leader in G2's Winter 2022 Report

Why Automate Web Application Security Testing?

Why Automate Web Application Security Testing?

Co-founder, Director

Web Cache Poisoning

Web Cache Poisoning

OWASP Top 10 2021

OWASP Top 10 2021

Content Specialist

5 Biggest Data Breaches of 2021

5 Biggest Data Breaches of 2021

Content Specialist

Log4j Vulnerability

Log4j Vulnerability

Content Specialist

Cookie Theft: Phishing Campaign Targets YouTube Creators

Cookie Theft: Phishing Campaign Targets YouTube Creators

Software Engineer

Content Specialist

The Spy Write-up

The Spy Write-up

Cyber Security Lead Engineer

Cyber Security Lead Engineer

Rocket Write-up

Rocket Write-up

DevSecOps Engineer

Murder Write-up

Murder Write-up

International Space Station Write-up

International Space Station Write-up

Manieendar Mohan

Cyber Security Lead Engineer

Farness Write-up

Farness Write-up

LockBox Write-up

LockBox Write-up

Cyber Security Engineer

Apache HTTP Server Path Traversal and Remote Code Execution

Apache HTTP Server Path Traversal and Remote Code Execution

Cyber Security Engineer

Microsoft MSHTML Remote Code Execution Vulnerability

Microsoft MSHTML Remote Code Execution Vulnerability

Cyber Security Engineer

Simplebooklet takeover detection

Simplebooklet takeover detection

Cyber Security Engineer

API Security Testing: Importance, Risks and Best Practices

API Security Testing: Importance, Risks and Best Practices

Abey Koshy Itty

Marketing Manager

Cyber Security Engineer

Spring Boot H2 database RCE

Spring Boot H2 database RCE

Manieendar Mohan

Cyber Security Lead Engineer

HTTP Request Smuggling

HTTP Request Smuggling

Co-founder, Director

Vulnerable Javascript Library

Vulnerable Javascript Library

Co-founder, Director

Serverless Computing: Security and Challenges

Serverless Computing: Security and Challenges

Cyber Security Engineer

Htaccess Bypass

Htaccess Bypass

Cyber Security Lead Engineer

Insecure File Upload

Insecure File Upload

Co-founder, Director

Content Security Policy (CSP): Use Cases and Examples

Content Security Policy

Content Security Policy (CSP): Use Cases and Examples

Manieendar Mohan

Cyber Security Lead Engineer

Building Application Security in the Azure DevOps Pipeline

Building Application Security in the Azure DevOps Pipeline

Abey Koshy Itty

Marketing Manager

How to Improve Web Application Security?

How to Improve Web Application Security?

Cyber Security Engineer

How AI is Transforming Cyber Security

How AI is Transforming Cyber Security

Here's What You Need to Know About WhatsApp's New Privacy Policy

Here's What You Need to Know About WhatsApp's New Privacy Policy

Abey Koshy Itty

Marketing Manager

Session Security

Session Security

Server Side Request Forgery Attack

Server Side Request Forgery Attack

Sanjana Sanjeeva Shetty

Security Engineer

Man-in-the-Middle (MITM) Attack: Types, Techniques and Prevention

Man-in-the-Middle (MITM) Attack: Types, Techniques and Prevention

Cyber Security Engineer

How to Respond to a Cyber Attack?

How to Respond to a Cyber Attack?

Abey Koshy Itty

Marketing Manager

Nginx Server Security: Nginx Hardening Guide

Nginx Server Security: Nginx Hardening Guide

Manieendar Mohan

Cyber Security Lead Engineer

CMS Vulnerabilities: Why are CMS platforms common hacking targets?

CMS Vulnerabilities: Why are CMS platforms common hacking targets?

Cyber Security Engineer

Docker Container Security: Attacking Docker Vulnerabilities

Container security

Docker Container Security: Attacking Docker Vulnerabilities

Sanjana Sanjeeva Shetty

Security Engineer

10 Common WordPress Errors That Should be Fixed

10 Common WordPress Errors That Should be Fixed

Director of Product Marketing,
WP Hacked Help

Machine Learning for Web Automation

Machine Learning for Web Automation

c0c0n XIII: DOME CTF 2020

c0c0n XIII: DOME CTF 2020

Abey Koshy Itty

Marketing Manager

Hike to the Top Writeup

Hike to the Top Writeup

Cyber Security Engineer

Time Zone Writeup

Time Zone Writeup

DevSecOps Engineer

Cyber Security Lead Engineer

The Retrospect Writeup

The Retrospect Writeup

The Leaked List Writeup

The Leaked List Writeup

Manieendar Mohan

Cyber Security Lead Engineer

Cyber Security Engineer

Qropolis Writeup

Qropolis Writeup

DevSecOps Engineer

Anandhu Krishnan

Mercure’s Signature Dish Writeup

Mercure’s Signature Dish Writeup

Security Engineer

JimmyBot Writeup

JimmyBot Writeup

Manieendar Mohan

Cyber Security Lead Engineer

Inside Out Writeup

Inside Out Writeup

Foundation Palette Writeup

Foundation Palette Writeup

Manieendar Mohan

Cyber Security Lead Engineer

Black Propagation Writeup

Black Propagation Writeup

Assemble Writeup

Assemble Writeup

Adleman's Doc Writeup

Adleman's Doc Writeup

Cyber Security Engineer

The Dark Times Writeup

The Dark Times Writeup

Cyber Security Lead Engineer

Frames & Stories Writeup

Frames & Stories Writeup

5 Biggest Data Breaches of 2020

5 Biggest Data Breaches of 2020

Abey Koshy Itty

Marketing Manager

How to Store and Secure Sensitive Data in Web Applications

How to Store and Secure Sensitive Data in Web Applications

SMBGhost Vulnerability (CVE-2020-0796)

SMBGhost Vulnerability (CVE-2020-0796)

Co-founder, Director

PHP-FPM Vulnerability (CVE-2019-11043) with NGINX

PHP-FPM Vulnerability (CVE-2019-11043) with NGINX

Co-founder, Director

Secure Firewall Configuration for Web Applications

Secure Firewall Configuration for Web Applications

Cyber Security Engineer

Social Engineering Attacks: Techniques, Examples and Prevention

Social Engineering Attacks: Techniques, Examples and Prevention

Abey Koshy Itty

Marketing Manager

DMARC Security: Securing Email With DMARC

DMARC Security: Securing Email With DMARC

DevSecOps Engineer

SIGRed: Microsoft DNS Server RCE Vulnerability

Information Leakage

SIGRed: Microsoft DNS Server RCE Vulnerability

Cyber Security Engineer

DNS Zone Transfer Vulnerability

Information Leakage

DNS Zone Transfer Vulnerability

Cyber Security Engineer

Importance of TLS 1.3: SSL and TLS Vulnerabilities

Importance of TLS 1.3: SSL and TLS Vulnerabilities

Hardening Server Security By Implementing Security Headers

Hardening Server Security By Implementing Security Headers

Manieendar Mohan

Cyber Security Lead Engineer

Apache Web Server Hardening

Apache Web Server Hardening

DevSecOps Engineer

Artificial Intelligence in Cyber Security

Artificial Intelligence in Cyber Security

Cyber Security Engineer

Covid-19 Cyber Attacks: How Attackers are Exploiting the Crisis

Covid-19 Cyber Attacks: How Attackers are Exploiting the Crisis

Abey Koshy Itty

Marketing Manager

Why Small Businesses Should Invest in Cybersecurity?

Why Small Businesses Should Invest in Cybersecurity?

Abey Koshy Itty

Marketing Manager

5 Ways to Improve Your Web Application Security in 2020

5 Ways to Improve Your Web Application Security in 2020

Abey Koshy Itty

Marketing Manager

Alexa, Google Home and Siri Can Be Hacked Using Laser Light

Client Side URL Redirect

Alexa, Google Home and Siri Can Be Hacked Using Laser Light

DevSecOps Engineer

High Severity Flaws Discovered in Nvidia Shield TV and Intel NUCs

High Severity Flaws Discovered in Nvidia Shield TV and Intel NUCs

Anandhu Krishnan

Critical RCE Vulnerability Found in iTerm2 MacOS Terminal Emulator App

Critical RCE Vulnerability Found in iTerm2 MacOS Terminal Emulator App

Cyber Security Lead Engineer

Beagle Beta is ready

Beagle Beta is ready

WordPress Versions

WordPress Versions

Manieendar Mohan

Cyber Security Lead Engineer

WordPress Themes

WordPress Themes

Cyber Security Engineer

WordPress Plugin Vulnerabilities

WordPress Plugin Vulnerabilities

Cyber Security Engineer

Transport Layer Security

Transport Layer Security

Co-founder, Director

TLS(Transport Layer Security) protocol version outdated

TLS(Transport Layer Security) protocol version outdated

Co-founder, Director

Stacked Queries SQL Injection (SQLi)

Stacked Queries SQL Injection (SQLi)

Manieendar Mohan

Cyber Security Lead Engineer

SSL(Secure Sockets Layer) protocol version outdated

SSL(Secure Sockets Layer) protocol version outdated

Cyber Security Engineer

SRI HTML not parsable

SRI HTML not parsable

Manieendar Mohan

Cyber Security Lead Engineer

PHP Config contain database IDs and passwords

PHP Config contain database IDs and passwords

Cyber Security Engineer

OWASP top ten 2013

OWASP top ten 2013

Application Threat Modeling

Application Threat Modeling

Manieendar Mohan

Cyber Security Lead Engineer

Phpinfo() Upload Max Filesize

Phpinfo() Upload Max Filesize

Cyber Security Engineer

Phpinfo() Open Base Directory Is Disabled

Phpinfo() Open Base Directory Is Disabled

Cyber Security Lead Engineer

Vignette Content Management Vulnerabilty

Vignette Content Management Vulnerabilty

Cyber Security Lead Engineer

Ultimate PHP Board Data Disclosure

Ultimate PHP Board Data Disclosure

Cyber Security Engineer

US Social Security Number disclosure

US Social Security Number disclosure

Manieendar Mohan

Cyber Security Lead Engineer

Test For Oracle Application Server

Test For Oracle Application Server

Cyber Security Engineer

Upload Temp Directory is Everyone

Upload Temp Directory is Everyone

Cyber Security Engineer

Test For Checking Session Cookie Httponly

Test For Checking Session Cookie Httponly

Cyber Security Engineer

Test For Checking Magic Quotes Gpc is On

Test For Checking Magic Quotes Gpc is On

Co-founder, Director

TLS Edge compatibility

TLS Edge compatibility

Cyber Security Lead Engineer

TLS Chrome compatibility

TLS Chrome compatibility

Cyber Security Engineer

TLS Android compatibility

TLS Android compatibility

Manieendar Mohan

Cyber Security Lead Engineer

Password Autocomplete in Browser

Password Autocomplete in Browser

Manieendar Mohan

Cyber Security Lead Engineer

PHP session.save_path Security Restriction Bypass

PHP session.save_path Security Restriction Bypass

Cyber Security Engineer

PHP session.hash_function is SHA

PHP session.hash_function is SHA

Cyber Security Lead Engineer

PHP session.hash_function is MD5

PHP session.hash_function is MD5

Co-founder, Director

PHP post_max_size show phpinfo()

PHP post_max_size show phpinfo()

Cyber Security Engineer

PHP cURL Security Bypass

PHP cURL Security Bypass

Co-founder, Director

PHP allow_url_include is enabled

PHP allow_url_include is enabled

Cyber Security Lead Engineer

PHP allow_url_fopen is enabled

PHP allow_url_fopen is enabled

Cyber Security Engineer

PHP Higher Privilege execution

PHP Higher Privilege execution

Cyber Security Lead Engineer

Old TLS backward compatibility

Old TLS backward compatibility

Cyber Security Engineer

Missing Fallback Signaling Cipher Suite Value

Missing Fallback Signaling Cipher Suite Value

Cyber Security Lead Engineer

Microsoft Site Server Information Disclosure

Microsoft Site Server Information Disclosure

Cyber Security Engineer

Microsoft RDS Arbitrary Remote Command Execution

Microsoft RDS Arbitrary Remote Command Execution

Manieendar Mohan

Cyber Security Lead Engineer

Meridian Integrated Personal Call Director Password Disclosure

Meridian Integrated Personal Call Director Password Disclosure

Cyber Security Engineer

Joomla common log files

Joomla common log files

Co-founder, Director

Joomla admin page

Joomla admin page

Co-founder, Director

Joomla User Registration Process

Joomla User Registration Process

Co-founder, Director

Joomla Debug Mode status

Joomla Debug Mode status

Co-founder, Director

Joomla Core vulnerability

Joomla Core vulnerability

Co-founder, Director

Intermediate TLS compatibility

Intermediate TLS compatibility

Co-founder, Director

Dl PHP cgi.force_redirect disabled

Dl PHP cgi.force_redirect disabled

Co-founder, Director

Cross origin Resource Sharing Implemented With Public Access

Cross origin Resource Sharing Implemented With Public Access

Cyber Security Lead Engineer

Cross Origin Resource Sharing Not Implemented

Cross Origin Resource Sharing Not Implemented

Co-founder, Director

Cross Origin Resource Sharing Implemented With Restricted Access

Cross Origin Resource Sharing Implemented With Restricted Access

Co-founder, Director

Content Type Header Missing

Content Type Header Missing

Cyber Security Lead Engineer

Administration page exposure

Administration page exposure

Cyber Security Lead Engineer

Apache .htaccess LIMIT misconfiguration

Apache .htaccess LIMIT misconfiguration

Manieendar Mohan

Cyber Security Lead Engineer

WordPress Theme 'Elegant' Privilege Escalation

WordPress Theme 'Elegant' Privilege Escalation

Cyber Security Lead Engineer

WordPress Stored Cross-Site Scripting (XSS)

WordPress Stored Cross-Site Scripting (XSS)

Cyber Security Lead Engineer

WordPress SQL Injection

WordPress SQL Injection

Cyber Security Engineer

WordPress Directory Traversal Attack

WordPress Directory Traversal Attack

Cyber Security Engineer

WordPress Authentication Bypass

WordPress Authentication Bypass

Cyber Security Engineer

Unvalidated Document Object Model redirection

Unvalidated Document Object Model redirection

Cyber Security Engineer

Publicly Writable Directory

Publicly Writable Directory

Cyber Security Engineer

Origin Spoof Access Restriction Bypass

Origin Spoof Access Restriction Bypass

Manieendar Mohan

Cyber Security Lead Engineer

Document Object Model Based Cross Site Scripting

Document Object Model Based Cross Site Scripting

Manieendar Mohan

Cyber Security Lead Engineer

Common Administration Interfaces

Common Administration Interfaces

Manieendar Mohan

Cyber Security Lead Engineer

Wordpress Themes Email Spoofing

Wordpress Themes Email Spoofing

Cyber Security Engineer

WordPress unsafe redirect for login

WordPress unsafe redirect for login

Cyber Security Engineer

WordPress unpatched Denial Of Service (DoS)

WordPress unpatched Denial Of Service (DoS)

Cyber Security Engineer

WordPress WPDB SQL Injection

WordPress WPDB SQL Injection

Cyber Security Engineer

WordPress VideoJS plugins Cross-site Scripting (XSS)

WordPress VideoJS plugins Cross-site Scripting (XSS)

Cyber Security Engineer

WordPress Themes Information Disclosure

WordPress Themes Information Disclosure

Cyber Security Engineer

WordPress Slider Revolution Shell Upload

WordPress Slider Revolution Shell Upload

Cyber Security Engineer

$WordPress Refraction Theme Multiple Vulnerabilities$

WordPress Refraction Theme Multiple Vulnerabilities

Cyber Security Engineer

WordPress Reflected Cross-Site Scripting

WordPress Reflected Cross-Site Scripting

Cyber Security Engineer

WordPress RSS and Atom Feed Escaping

WordPress RSS and Atom Feed Escaping

Cyber Security Engineer

WordPress Plugin VideoJS and Cross Site Scripting

WordPress Plugin VideoJS and Cross Site Scripting

Cyber Security Engineer

WordPress Open Redirect

WordPress Open Redirect

Cyber Security Engineer

WordPress Large File Upload Error XSS

WordPress Large File Upload Error XSS

Cyber Security Engineer

WordPress Insufficient redirect validation

WordPress Insufficient redirect validation

Cyber Security Engineer

WordPress HTML Language Attribute Escaping

WordPress HTML Language Attribute Escaping

Cyber Security Engineer

WordPress Filesystem Credentials Dialog CSRF

WordPress Filesystem Credentials Dialog CSRF

Cyber Security Engineer

WordPress Escape Version in Generator Tag

WordPress Escape Version in Generator Tag

Cyber Security Engineer

WordPress Directory traversal

Directory traversal

WordPress Directory traversal

Cyber Security Engineer

WordPress Cross-Site Scripting

WordPress Cross-Site Scripting

Co-founder, Director

Ghostcat Vulnerability (CVE-2020–1938)

Ghostcat Vulnerability (CVE-2020–1938)

Co-founder, Director

Document Object Model Cross Site Scripting on WordPress

Document Object Model Cross Site Scripting on WordPress

Co-founder, Director

PhpMyExplorer Directory traversal

PhpMyExplorer Directory traversal

Cyber Security Lead Engineer

XPath Injection

XPath Injection

Co-founder, Director

Unvalidated Redirects and Forwards

Unvalidated Redirects and Forwards

Co-founder, Director

Unsafe preg_replace usage

Unsafe preg_replace usage

Co-founder, Director

Unhandled error in web application

Unhandled error in web application

Co-founder, Director

Reflected File Download vulnerability

Reflected File Download vulnerability

Cyber Security Lead Engineer

Phishing vector vulnerability found

Phishing vector vulnerability found

Cyber Security Engineer

PHP-Gastebuch Disclosing System Information

PHP-Gastebuch Disclosing System Information

Cyber Security Engineer

Cyber Security Engineer

Cyber Security Engineer

Local File Inclusion

Local File Inclusion

Cyber Security Engineer

Lightweight Directory Access Protocol (LDAP) injection

Lightweight Directory Access Protocol (LDAP) injection

Cyber Security Engineer

Lack of wildcard DNS entry found

Lack of wildcard DNS entry found

Cyber Security Engineer

Insufficient Logging And Monitoring

Insufficient Logging And Monitoring

Cyber Security Engineer

Insecure Deserialization

Insecure Deserialization

Manieendar Mohan

Cyber Security Lead Engineer

HTTP Method Vulnerability Found

HTTP Method Vulnerability Found

Co-founder, Director

Guessable credentials found

Guessable credentials found

Cyber Security Engineer

Database can be read without authentication

Database can be read without authentication

Cyber Security Engineer

Broken Authentication

Broken Authentication

Manieendar Mohan

Cyber Security Lead Engineer

Auto complete not disabled

Auto complete not disabled

Cyber Security Engineer

X-XSS-Protection Not Implemented

X-XSS-Protection

X-XSS-Protection Not Implemented

Cyber Security Engineer

Website contains SVN metadata directory

Website contains SVN metadata directory

Cyber Security Lead Engineer

Tickets option leak uninitialised memory

Tickets option leak uninitialised memory

Cyber Security Engineer

Subresource Integrity (SRI) implemented, but external scripts are loaded over http

Subresource Integrity (SRI) implemented, but external scripts are l...

Cyber Security Lead Engineer

Subresource Integrity (SRI) is not implemented, and external scripts are not loaded securely

Subresource Integrity (SRI) is not implemented, and external script...

Manieendar Mohan

Cyber Security Lead Engineer

Site did not return a status code of 200

Site did not return a status code of 200

Cyber Security Engineer

Session Cookie set without 'Secure' Flag but protected by HSTS

Cookies Attributes

Session Cookie set without 'Secure' Flag but protected by HSTS

Cyber Security Engineer

Processing of Change Cipher Spec

Processing of Change Cipher Spec

Cyber Security Lead Engineer

Obtain plaintext by observing length differences

Obtain plaintext by observing length differences

Manieendar Mohan

Cyber Security Lead Engineer

Information leakage in EXIF data of images

Information Leakage

Information leakage in EXIF data of images

Co-founder, Director

Heartbleed vulnerability

Heartbleed vulnerability

Cyber Security Lead Engineer

HTTP Strict Transport Security (HSTS) header not implemented

HTTP Strict Transport Security (HSTS) header not implemented

Manieendar Mohan

Cyber Security Lead Engineer

HTTP Strict Transport Security header not available over HTTPS

HTTP Strict Transport Security header not available over HTTPS

Cyber Security Engineer

HTTP Strict Transport Security (HSTS) header cannot be recognised

HTTP Strict Transport Security (HSTS) header cannot be recognised

Cyber Security Engineer

HTTP Public Key Pinning (HPKP) header cannot be recognised

HTTP Public Key Pinning (HPKP) header cannot be recognised

Co-founder, Director

Fingerprinting Web Application Framework using HTTP headers

Fingerprinting Web Application Framework using HTTP headers

Cyber Security Engineer

Cross-Origin Resource Sharing XML cannot be parsed

Cross-Origin Resource Sharing XML cannot be parsed

Cyber Security Engineer

Cookies SameSite flag invalid

Cookies Attributes

Cookies SameSite flag invalid

Cyber Security Lead Engineer

Cookie without 'Secure' flag but protect by HSTS

Cookie without 'Secure' flag but protect by HSTS

Cyber Security Engineer

Cookie set without 'Secure' flag

Cookies Attributes

Cookie set without 'Secure' flag

Manieendar Mohan

Cyber Security Lead Engineer

Cookie anti-CSRF flag without SameSite flag

Cookies Attributes

Cookie anti-CSRF flag without SameSite flag

Cyber Security Engineer

Co-founder, Director

IBM DB Boolean based blind sql injection

IBM DB Boolean based blind sql injection

Cyber Security Lead Engineer

Cookie session without 'HttpOnly' flag

Cookies Attributes

Cookie session without 'HttpOnly' flag

Cyber Security Engineer

Referrer-Policy header unsafely

Referrer-Policy header unsafely

Cyber Security Engineer

Redirects to HTTPS eventually, but initial redirection is to another HTTP URL

Client Side URL Redirect

Redirects to HTTPS eventually, but initial redirection is to anothe...

Co-founder, Director

Redirects, but final destination is not an HTTPS URL

Client Side URL Redirect

Redirects, but final destination is not an HTTPS URL

Co-founder, Director

Does not redirect to a HTTPS site from HTTP port

Client Side URL Redirect

Does not redirect to a HTTPS site from HTTP port

Manieendar Mohan

Cyber Security Lead Engineer