HackDig : Dig high-quality web security articles for hacker

OWASP TOP 10: #4 | Insecure Direct Object Reference Vulnerability

tl;dr: I’m a pentester and recently I got my first pentest project, which I successfully executed with my senior colleague. As the application was developed to perform financial operations, I focused on finding Insecure Direct Object Reference vulnerabilities. This blog will help you understand the IDOR vulnerability. Ins
Publish At:2017-09-20 12:30 | Read:237 | Comments:0 | Tags:OWASP IDOR Insecure Direct Object Reference Vulnerability OW

Automating Web Apps Input fuzzing via Burp Macros

Hi Readers, This article is about Burp Suite macros, which help us automate the effort of manual input payload fuzzing. While it may be known to many testers, this article is written for those who are yet to harness the power of Burp Suite’s macro automation. In my penetration testing career so far, while performing fuzzing of parameters and page fiel
Publish At:2017-09-03 05:00 | Read:307 | Comments:0 | Tags:Knowledge-base OWASP SecureLayer7 Lab burp suite fuzzing inp

OWASP Top 10 #9: Using Components With Known Vulnerabilities

It does not take a rocket scientist to understand that using components with known vulnerabilities is a very poor choice for protecting your web application or corporate data. While solving this issue may sound straightforward (i.e. using components with NO known vulnerabilities), as of 2017 it still is quite a challenge and, not entirely surprisingly, re
Publish At:2017-08-30 19:45 | Read:236 | Comments:0 | Tags:General Security OWASP OWASP Top 10

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

Need to include cross-domain resources: The ever-growing need to give website visitors a rich user experience has made it necessary for browsers to include cross-origin resources. These resources can be data, a frame, an image or JavaScript. For example, a website http://example.com can have the following cross-origin resources: Data from websit
Publish At:2017-08-28 03:30 | Read:251 | Comments:0 | Tags:OWASP SecureLayer7 Lab Bad JavaScript Imports Client Side At

OWASP Top 10 #10: Unprotected APIs

Modern applications are becoming more complex, more critical and more connected. The difficulty of achieving application security has increased exponentially, and unprotected APIs are one of the top web application security risks organizations face. Compared to Injection, OWASP’s number one web application security risk, unprotected APIs (tenth in the li
Publish At:2017-08-25 10:50 | Read:364 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10

OWASP Top 10 #6: Sensitive Data Exposure

Since 2003, The Open Web Application Security Project (OWASP) has provided the information security community with the “Ten Most Critical Web Application Security Risks.” With the recent release of the 2017 update, not surprisingly, sensitive data exposure remains a major concern affecting almost every company around the globe that uses web appli
Publish At:2017-08-22 12:00 | Read:378 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10

OWASP Top 10 #5: Security Misconfiguration

Recently, the Open Web Application Security Project (OWASP) announced an update of their “Ten Most Critical Web Application Security Risks.” OWASP is a nonprofit organization devoted to helping create a more secure internet and the list is considered an important benchmark. (The new 2017 list is currently in the comments phase.) This is one of a s
Publish At:2017-08-21 14:40 | Read:263 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10

OWASP Top 10 #4: Broken Access Control

Recently, OWASP (the Open Web Application Security Project) announced an update of their “Ten Most Critical Web Application Security Risks.” OWASP is a nonprofit organization devoted to helping create a more secure internet and the list is considered an important benchmark. (The new 2017 list is currently in the comments phase.) This is one of a s
Publish At:2017-08-18 13:00 | Read:233 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10

OWASP Top 10 #2 – Broken Authentication and Session Management

Making the network secure can never get enough attention in today’s world. It’s of paramount importance, especially for people working in information technology, to understand the various cyber-attacks possible against web applications and to know some prevention techniques. Some of the most common attacks include (but are not
Publish At:2017-08-17 18:35 | Read:206 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10

OWASP Top 10 #3: Cross-Site Scripting (XSS)

Cross-Site Scripting: Cross-site scripting (XSS) attacks involve the injection of malicious code into trusted websites. One of the traditional uses of XSS is an attacker stealing session cookies in order to impersonate another user. Lately, it has also been used to spread malware, deface websites, and phish for credentials. It occurs wh
Publish At:2017-08-17 18:35 | Read:213 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10 Xss

HTTP… For the Good or the Bad

Tonight, I was invited by the OWASP Belgium Chapter (thank you again!) to present “something“. When I accepted the invitation, I did not really have an idea, so I decided to compile the findings from my research about webshells. They are common tools used by bad guys: once they have compromised a server, they often install a webshell, which is a kind
Publish At:2017-05-29 18:45 | Read:454 | Comments:0 | Tags:Event Security Websites OWASP Webshell

OWASP Top 10 Details About WebSocket Vulnerabilities and Mitigations

Socket in a Nutshell: A socket is an endpoint of a network communication. A socket always has two parts: an IP address and a port. For example, when you visit www.securelayer7.net, your computer and the website’s server communicate using sockets (endpoints). The endpoint of the website will be www.securelayer7.net:80 and the endpoint of your computer
Publish At:2017-02-14 15:40 | Read:1131 | Comments:0 | Tags:OWASP OWASP TOP 10 web socket application pentest Web socket

OWASP Top 10 : Cross-Site Scripting #2 DOM Based XSS Injection and Mitigation

What is a DOM (Document Object Model)? The DOM is a W3C (World Wide Web Consortium) standard. It is a platform-independent interface that allows programs and scripts to dynamically access and modify the structure of a document. The document can be HTML, XHTML or XML. Let us apply the above definition practically. Before modifying an element using the DOM: In the below
Publish At:2017-01-11 20:30 | Read:1273 | Comments:0 | Tags:OWASP Client Side Attack Cross Site Scripting DOM DOM Based

OWASP Top 10 : Penetration Testing with SOAP Service and Mitigation

SOAP Overview: Simple Object Access Protocol (SOAP) is a connection, or interface, between web services, or between a client and a web service. SOAP operates over application layer protocols like HTTP or SMTP, or even directly over TCP, for message transmission. (Figure 1: SOAP Operation) It is written in XML and uses Web Service Description Language (WSDL) t
Publish At:2017-01-08 13:35 | Read:1513 | Comments:0 | Tags:OWASP Penetration Testing with SOAP Application and Mitigati

OWASP TOP 10: Security Misconfiguration #5 – CORS Vulnerability and Patch

What is the meaning of an origin? Two websites are said to have the same origin if both have the following in common: scheme (http, https), host name (google.com, facebook.com, securelayer7.net) and port number (80, 4567, 7777). So, the sites http://example.com and http://example.com/settings have the same origin. But https://example.com:4657 and http://example.com:8080/setting
Publish At:2017-01-07 18:45 | Read:2796 | Comments:0 | Tags:OWASP Client Side Attack CORS CORS Vulnerability and Patch C
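The same-origin rule quoted in the CORS excerpt above (scheme, host and port must all match; the path does not count) can be checked mechanically. The block below is an added example, not code from the HackDig listing or from the SecureLayer7 article it links to. It goes one step beyond the excerpt by normalising default ports, so that https://example.com and https://example.com:443 compare equal, and it pairs the origin check with a hypothetical server-side helper, allowOrigin, that decides whether an incoming Origin header may be echoed back in Access-Control-Allow-Origin. The allowlist and the origins used in it are assumptions made up for the example.

```javascript
// Added example: same-origin comparison and an exact-match CORS allowlist check.
// Not code from the original page or the linked article.

// Default ports per scheme, so that an omitted port and an explicit default port
// are treated as the same origin (an assumption that goes slightly beyond the excerpt).
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Canonical origin string for a URL: scheme, lower-cased host and effective port.
// Path, query and fragment are deliberately dropped; they are not part of the origin.
function originOf(urlString) {
  const u = new URL(urlString); // throws on malformed input, e.g. the literal "null"
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

// Two URLs share an origin only when their canonical origins are identical.
function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Hypothetical server-side helper: return the value to put in
// Access-Control-Allow-Origin, or null to send no CORS header at all.
// The comparison is an exact origin match; a substring or prefix test would
// accept https://app.example.com.attacker.net for an allowlisted https://app.example.com.
function allowOrigin(originHeader, allowlist) {
  if (!originHeader) return null; // no Origin header: not a cross-origin request
  let requested;
  try {
    requested = originOf(originHeader);
  } catch (e) {
    return null; // unparsable Origin (including "null"): never reflect it
  }
  const allowed = allowlist.map(originOf);
  return allowed.includes(requested) ? originHeader : null;
}

// Usage with the excerpt's own examples; the allowlist is constructed for this example.
const ALLOWLIST = ["https://app.example.com", "https://admin.example.com:8443"];
sameOrigin("http://example.com", "http://example.com/settings");            // true
sameOrigin("https://example.com:4657", "http://example.com:8080/setting");  // false
allowOrigin("https://app.example.com.attacker.net", ALLOWLIST);             // null
```

If your CORS layer builds the header from a regular expression or from `indexOf` on the Origin string, compare its verdicts against `allowOrigin` for the attacker-controlled host above; an exact origin match is the check that matters.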
