HackDig : Dig high-quality web security articles

OWASP IoT Top 10 Series: Weak or Hardcoded Password Policy OWASP

In the last blog we explored an overview of the OWASP IoT Top 10 vulnerabilities; now we will explore the impact of each of these OWASP vulnerabilities on IoT technologies and product development. Today we will explore the oldest and most common mistake, which is a weak password configuration in these smart internet-connected devices. When it comes to findin
Publish At:2021-02-15 01:55 | Read:369 | Comments:0 | Tags:IoT Security Knowledge-base OWASP owasp IOT top 10 OWASP Top

OWASP Top 10 Vulnerabilities IoT Security: Lack of Physical Hardening

With ever-increasing attack surfaces with IoT devices, physical hardening is also one of the important aspects of IoT Security. Many times these devices are part of critical infrastructure and threat actors will desire to backdoor them by abusing the OWASP top 10 vulnerabilities. There are a majority of ways in which an IoT device can be compromised and e
Publish At:2021-01-19 14:31 | Read:513 | Comments:0 | Tags:Cloud Security iOS Penetration Testing IoT Security News OWA

Thinking of a Cybersecurity Career? Read This

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields
Publish At:2020-07-24 18:59 | Read:1186 | Comments:0 | Tags:How to Break Into Security Alan Paller DEFCON Groups Kali Li

OWASP Top 10 Overview and Vulnerabilities

What is OWASP? OWASP, also known as the Open Web Application Security Project, is an online platform that creates freely available articles, programs, documentation, tools, and technologies for web application security. It is a non-profit enterprise that is run by groups of people across the world. OWASP is not just limited to the web but also has other pro
Publish At:2020-07-18 15:35 | Read:885 | Comments:0 | Tags:IoT Security Knowledge-base OWASP owasp IOT top 10 OWASP Top

API Security Assessment OWASP 2019 Test Cases

An Application Programming Interface (API) is a component that enables communication between two different applications. They can be applications developed on different platforms that use different servers for the database. The API Security apps are used to get access to data that enables multiple apps or services to work together, and it also hides the c
Publish At:2020-06-17 14:28 | Read:1001 | Comments:0 | Tags:API Security OWASP API Security OWASP 2019 API Security test

OWASP TOP 10: #4 | Insecure Direct Object Reference Vulnerability

tl;dr: I’m a pentester and recently I got my first pentest project, which I successfully executed with my senior colleague. As the application was developed to perform financial operations, I focused on finding Insecure Direct Object Reference vulnerabilities. This blog will help you understand the IDOR vulnerability. Ins
Publish At:2017-09-20 12:30 | Read:4642 | Comments:0 | Tags:OWASP IDOR Insecure Direct Object Reference Vulnerability OW

Automating Web Apps Input fuzzing via Burp Macros

Hi Readers, This article is about Burp Suite Macros, which help us automate the manual effort of input payload fuzzing. While it may be known to many testers, this article is written for those who are yet to harness the power of Burp Suite’s macro automation. In my penetration testing career so far, while performing fuzzing of parameters and page fiel
Publish At:2017-09-03 05:00 | Read:5380 | Comments:0 | Tags:Knowledge-base OWASP SecureLayer7 Lab burp suite fuzzing inp

OWASP Top 10 #9: Using Components With Known Vulnerabilities

It does not take a rocket scientist to understand that using components with known vulnerabilities is a very poor choice for protecting your web application or corporate data. While solving this issue may sound straightforward (i.e. using components with NO known vulnerabilities), as of 2017 it still is quite a challenge and, not entirely surprisingly, re
Publish At:2017-08-30 19:45 | Read:5482 | Comments:0 | Tags:General Security OWASP OWASP Top 10

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

Need to include cross-domain resources: The ever-growing need to give a rich user experience to website visitors has made it necessary for browsers to include cross-origin resources. Sometimes these resources can be data, a frame, an image or JavaScript. For example: A website http://example.com can have the following cross-origin resources: Data from websit
Publish At:2017-08-28 03:30 | Read:6524 | Comments:0 | Tags:OWASP SecureLayer7 Lab Bad JavaScript Imports Client Side At

OWASP Top 10 #10: Unprotected APIs

Modern applications are becoming more complex, more critical and more connected. The difficulty of achieving application security has increased exponentially and unprotected APIs are one of the top web application security risks organizations face. Compared to Injection, OWASP’s number one web application security risk, unprotected APIs (tenth in the li
Publish At:2017-08-25 10:50 | Read:4921 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10

OWASP Top 10 #6: Sensitive Data Exposure

Since 2003, The Open Web Application Security Project (OWASP) has provided the information security community with the “Ten Most Critical Web Application Security Risks.” With the recent release of the 2017 update, not surprisingly, sensitive data exposure remains a major concern affecting almost every company around the globe that uses web appli
Publish At:2017-08-22 12:00 | Read:8056 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10

OWASP Top 10 #5: Security Misconfiguration

Recently, the Open Web Application Security Project (OWASP) announced an update of their “Ten Most Critical Web Application Security Risks.” OWASP is a nonprofit organization devoted to helping create a more secure internet and the list is considered an important benchmark. (The new 2017 list is currently in the comments phase.) This is one of a s
Publish At:2017-08-21 14:40 | Read:3845 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10

OWASP Top 10 #4: Broken Access Control

Recently, OWASP (the Open Web Application Security Project) announced an update of their “Ten Most Critical Web Application Security Risks.” OWASP is a nonprofit organization devoted to helping create a more secure internet and the list is considered an important benchmark. (The new 2017 list is currently in the comments phase.) This is one of a s
Publish At:2017-08-18 13:00 | Read:3976 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10

OWASP Top 10 #2 – Broken Authentication Session Management

Making the network secure can never get enough attention in today’s world. It’s of paramount importance, especially for people working in the field of information technology, to understand the various cyber-attacks possible on web applications and also to find out some possible prevention techniques. Some of the most common attacks include (but are not
Publish At:2017-08-17 18:35 | Read:4534 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10

OWASP Top 10 #3: Cross-Site Scripting (XSS)

Cross-Site Scripting: Cross-site scripting (XSS) attacks involve the injection of malicious code into trusted websites. One of the traditional uses of XSS is a hacker stealing session cookies in order to impersonate another user. Lately, it has been the malicious act used to spread malware, deface websites, and phish for useful credentials. It occurs wh
Publish At:2017-08-17 18:35 | Read:5165 | Comments:0 | Tags:Security Awareness OWASP OWASP Top 10 Xss