Cloud

Leveraging Destructive and Non-destructive Testing in Application Development

Software testing is a crucial phase of a software development life cycle that helps evaluate whether the application meets the expected requirements.

Cloud

Active/Passive and Active/Active Configuration in Storage Management

Storage management is a critical aspect of IT infrastructure that plays a crucial role in ensuring the availability and reliability of data.

Cloud

What Is the CSRF Login Attack?

Cross-site request forgery is an attack in which an adversary can submit a malicious request on behalf of the victim user.

Cloud

What Is a Javascript Injection Attack and How Is It Orchestrated?

An injection vulnerability allows a malicious actor to inject harmful code into a system through another application.

Cloud

What Is the Stored CSRF Vulnerability?

Cross-site request forgery (CSRF) is a security vulnerability that allows an attacker to submit unusual, malicious requests on behalf of an unsuspecting user.

Cloud

Http.sys Remote Code Execution Vulnerability (Cve-2022-21907)

The Remote Code Execution Vulnerability (RCE) is a security vulnerability exploited by malicious users to run arbitrary code on a compromised server/computer.

Cloud

What Is a Port Scan Attack?

Port scanning is a commonly used attack technique to detect a vulnerable target server by accessing different ports.

Cloud

Top 10 Must-See Videos on Diagramming With Draw.IO

Creating precise architectural diagrams not only requires specialized skills but also requires the right diagramming tools.

Cloud

Password Reset Poisoning – Attack Types and Prevention

In a password reset poisoning attack, the attacker manipulates the host server into generating a malicious password reset link, which sends the reset password URL to an attacker-controlled host.

Cloud

Securing Modern Systems With Access Control Lists

An Access Control List is a table that informs the host operating system on user authorization rights and the level of permissions a user possesses to access data and system objects.

Cloud

What Is False Data Injection?

False Data Injection encompasses a class of malicious data attacks that target critical infrastructures controlled by Cyber-Physical Information Systems.

Cloud

Guide to Enumeration Pentest: All You Need to Know

Penetration testing helps security researchers uncover vulnerabilities that a hacker may potentially exploit to compromise an entire tech stack, network, or web application.

Cloud

What Are Common Vulnerabilities and Exposures (CVE)?

Common Vulnerabilities and Exposures (CVE) is a catalogue built to standardize the identification of known cyber threats.

Cloud

What Is Common Weakness Enumeration (CWE)?

The Common Weakness Enumeration (CWE) database is a community-developed project that provides a catalog of common vulnerabilities in the software and hardware of an organization’s tech stack.

Cloud

What Is an OCI-Compliant Container Image?

The goal of OCI is to create a set of specifications that can be used to create, distribute, and run container images in a consistent and interoperable way.

Cloud

Server Side Includes – All You Need to Know About SSI

Server-Side Includes is a mechanism that helps developers insert dynamic content into HTML files without requiring knowledge of the server or client-side programming language specification.

Cloud

Union-Based SQL Injection – Guide to Understanding & Mitigating Such Attacks

SQL injection (SQLi) is a web security vulnerability that enables attackers to manipulate an application’s backend by altering the queries sent to the database.

Cloud

OWASP Top 10 Cryptographic Failures A02 – Explained

A cryptographic failure is a critical web application security vulnerability that exposes sensitive application data on a weak or non-existent cryptographic algorithm.

Cloud

XSS vs CSRF Attacks – What Are the Differences?

CSRF and XSS are client-side attacks that abuse the same-origin policy and exploit the trust relationship between the web application and the victim user.

Cloud

A08:2021 – Software and Data Integrity Failures- Explained

The software and data integrity failures vulnerability is a new entrant to the OWASP Top Ten 2021 (A08). It covers various application security weaknesses that may lead to insufficient integrity verification.

Cloud

Server-Side Request Forgery (SSRF) Vulnerability

Capitalizing on a server-side request forgery vulnerability, attackers target a vulnerable application’s backend server and coax it to execute malicious requests for performing unintended actions.

Cloud

Web Cache Poisoning – Ultimate Guide

Web caching enables quicker and seamless browsing by downloading the copy of a file locally, thereby preventing future browser requests from getting redirected to the remote server.

Cloud

HTTP Request Smuggling – The Ultimate Guide

An HTTP request smuggling attack is when the hacker interferes with the processing of HTTP requests between clients and web servers.

Cloud

What Is Stride Methodology in Threat Modelling?

Microsoft’s STRIDE methodology aims to ensure that an application meets the security requirements of Confidentiality, Integrity, and Availability (CIA), besides Authorisation, Authentication, and Non-Repudiation.