TLPT (Threat-Led Penetration Testing): Objective and Methodology In a context where cyberattacks are becoming more sophisticated, targeted and persistent, traditional security approaches are reaching their limits. I... 24.02 Applications
Ransack Query Injection: Analysis and Exploitation of an ORM Vulnerability Developers often rely on libraries to manage communications with databases. This saves them from having to write raw queries. These libraries generall... 03.02 Applications
Host Header Attacks, Exploitations and Security Tips According to the RFC 2616 standard, the ‘Host’ header is mandatory in an HTTP request. It indicates the host and, if applicable, the port of the reque... 22.09 Applications
What is CRLF Injection? Exploitations and Security Tips A simple line break seems harmless when thinking about a web application. However, if poorly managed, it can open the door to serious attacks. This is... 10.09 Applications
Black Box Exploitation of a Deserialisation Vulnerability Deserialisation vulnerabilities are often difficult to exploit. In most cases, you need access to the source code to identify the available classes or... 03.07 Applications
Understanding Source Code Audit Methodology and Process In the development cycle of a web application, security should never be relegated to the background. It must be considered at every stage: from the de... 04.06 Applications
File Upload Vulnerabilities and Security Best Practices On many web applications, the option of uploading files is a standard feature. Whether it’s adding a profile photo or sending a document, file u... 29.04 Applications
Web Cache Poisoning Attacks and Security Best Practices To improve the display speed of web pages and lighten server loads, many companies rely on caching mechanisms. This system enables frequently requeste... 28.04 Applications
What is NoSQL Injection? Exploitations and Security Best Practices SQL injections are well-known and widely documented vulnerabilities. They exploit flaws in relational databases to manipulate or extract sensitive dat... 25.03 Applications
What is a Slow HTTP Attack? Types and Security Best Practices Denial of Service (DoS) are among the most common attacks on the web. There are many variants. One of them, which is particularly easy to exploit and ... 19.03 Applications
What is HTTP Request Smuggling? Exploitations and Security Best Practices When a client accesses a website, it communicates with the server through the HTTP protocol. Initially text-based, this protocol became binary with HT... 13.03 Applications
