DDOS Attack: A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Reflective DDoS attacks: Using the technique In simpler way lets try to understand the flow: Attacker sends a request to a vulnerable server by spoofing its source IP address […]
What is an IDOR? Attacker, who is an authorised system user, simply changes a parameter value that directly refers to a system object to another object the user isn’t authorised for and if gains access to it defines an Insecure Direct Object Reference or IDOR. Lets say User A logs in to the system and […]
Discovered by security researcher Bart, Annabelle Ransomware includes everything but the kitchen sink when it comes to screwing up a computer. This includes terminating numerous security programs, disabling Windows Defender, turning off the firewall, encrypting your files, trying to spread through USB drives, making it so you can’t run a variety of programs, and then to sweeten […]
Ever wondered what are App Permissions in Android 6.0 and above? Its simple. When an App needs to interact with data on your phone that it does not own for a predefined functionality, it prompts the User seeking permission for it to access the same. So Users think twice before tapping the “Allow” button on your Android […]
CSP – Content Security Policy CSP is a W3C specification offering the possibility to instruct the client browser from which location and/or which type of resources are allowed to be loaded/ executed. The supported directives are: default-src : Define loading policy for all resources type in case of a resource type dedicated directive is not defined (fallback), […]
On Monday, February 5, 2018, a zero-day vulnerability in WordPress core was disclosed CVE-2018-6389, which allows an attacker to perform a denial of service (DoS) attack against a vulnerable application. The vulnerability exists in the modules used to load JS and CSS files. These modules were designed to decrease page-loading time, but have effectively rendered […]
Apple source code for a core component of iPhone’s operating system has purportedly been leaked on GitHub, that could allow hackers and researchers to discover currently unknown zero-day vulnerabilities to develop persistent malware and iPhone jailbreaks. The source code appears to be for iBoot—the critical part of the iOS operating system that’s responsible for all security […]
Why API’s need special attention? As an increasing number of organizations provide API access to make their information available to a wider audience, securing that access is likewise of increasing importance. With the growing adoption of cloud, mobile, and hybrid environments the risks are increasing. Cyber threats and DDoS attacks are targeting enterprise applications as […]
Why Re-Invent the Wheel ? ? ? ? In this tutorial/walkthrough, I shall be providing you detailed instructions on how to compile and configure NAXSI on NGINX on Ubuntu 14.04 as the ubuntu standard repos have a very old version of NAXSI built NGINX which I have personally found to be very buggy ! Schedule: […]
OWASP Top 10 – 2017 The Ten Most Critical Web Application Security Risks What changed from 2013 to 2017? Change has accelerated over the last four years, and the OWASP Top 10 needed to change. The OWASP Team has completely refactored the OWASP Top 10, revamped the methodology, utilized a new data call process, worked […]
