Understanding and Preventing CORS Misconfiguration (23.10, Applications)
Before presenting practical examples of CORS misconfiguration, it is important to define several points. First, the principle of the Same-Origin Polic...
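As an added illustration of the misconfigurations that article goes on to discuss (this is example code written for this listing, not code from the article itself), the block below computes a server's CORS response headers from the request's Origin header in three ways: reflecting the Origin, matching on a host suffix, and an exact allow-list. The origins in ALLOWED_ORIGINS and the probe list are constructed for the example.

```python
# Added example, not code from the original article. Three ways a server might
# derive its CORS headers from the request Origin: two common misconfigurations
# and a strict allow-list. ALLOWED_ORIGINS and the host names are assumptions.
from typing import Dict, Optional

ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}  # assumed


def cors_reflective(origin: Optional[str]) -> Dict[str, str]:
    """Misconfiguration: echo back any Origin and allow credentials.

    Any site can then read authenticated responses with the victim's cookies."""
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_suffix_match(origin: Optional[str]) -> Dict[str, str]:
    """Misconfiguration: a suffix check on the origin string.

    'https://attacker-example.com' also ends with 'example.com'."""
    if origin and origin.endswith("example.com"):
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true"}
    return {}


def cors_strict(origin: Optional[str]) -> Dict[str, str]:
    """Hardened: exact match against a fixed allow-list of full origins.

    Anything else, including the literal 'null' origin, a different scheme,
    and look-alike hosts, gets no CORS headers at all. 'Vary: Origin' stops a
    shared cache from serving one origin's response headers to another."""
    if origin in ALLOWED_ORIGINS:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {}


# Constructed request origins used by the demo below.
PROBES = ["https://app.example.com", "https://attacker-example.com",
          "http://app.example.com", "null", None]


def cross_origin_read_allowed(handler, origin: Optional[str]) -> bool:
    """Would a credentialed cross-origin read from `origin` be permitted?"""
    if origin is None:
        return False
    h = handler(origin)
    return (h.get("Access-Control-Allow-Origin") == origin
            and h.get("Access-Control-Allow-Credentials") == "true")


if __name__ == "__main__":
    for handler in (cors_reflective, cors_suffix_match, cors_strict):
        allowed = [o for o in PROBES if cross_origin_read_allowed(handler, o)]
        print(f"{handler.__name__:18s} allows credentialed reads from: {allowed}")
```

Running it shows that both the reflective and the suffix-matching handlers permit a credentialed read from https://attacker-example.com, while the strict handler permits only the two listed origins.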
Insecure Authentication Tokens leading to Account Takeover (18.09, Applications)
Most applications have a critical feature for identifying users. The aim is to guarantee the confidentiality and integrity of their data. Common metho...
Exploiting an LFI (Local File Inclusion) Vulnerability and Security Tips (07.08, Applications)
When we visit a website, it is common to be able to browse different pages. Each page can be represented by a file on the server. In order to determin...
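The page-to-file mapping that excerpt describes is exactly where an LFI appears. As an added example (written for this listing, not taken from the article), the block below shows a request parameter being turned into a filesystem path two ways: direct concatenation, and resolution followed by a containment check. PAGES_DIR and the probe values are assumptions constructed for the example.

```python
# Added example, not from the original article. A "page" request parameter is
# mapped to a file under PAGES_DIR (an assumed layout). The unsafe mapper pastes
# the value into the path; the safe one resolves it and then requires the result
# to still be inside PAGES_DIR and to be a page template.
import os
from pathlib import Path
from typing import Optional

PAGES_DIR = Path("/var/www/pages")  # assumed directory holding page templates


def page_path_unsafe(page: str) -> str:
    """Vulnerable: user input goes straight into the path.

    '../' sequences walk out of PAGES_DIR, and an absolute value such as
    '/etc/passwd' makes os.path.join discard PAGES_DIR entirely."""
    return os.path.join(str(PAGES_DIR), page)


def page_path_safe(page: str) -> Optional[str]:
    """Hardened: normalise first, then decide. Returns None when rejected."""
    if not page or "\x00" in page:
        return None  # empty or NUL-containing names are never valid pages
    base = PAGES_DIR.resolve()
    candidate = (base / page).resolve()  # collapses '..' and follows symlinks
    if base not in candidate.parents:
        return None  # escaped the pages directory (or is the directory itself)
    if candidate.suffix != ".html":
        return None  # only page templates may be included
    return str(candidate)


# Constructed request values, as a normal user or an attacker might send them.
PROBES = ["about.html", "../../../etc/passwd", "/etc/passwd",
          "about.html\x00.php", "../pages/about.html", "config.php"]


def classify(page: str) -> str:
    """'included' if the hardened mapper would serve the file, else 'rejected'."""
    return "included" if page_path_safe(page) else "rejected"


if __name__ == "__main__":
    for p in PROBES:
        print(f"{p!r:24s} unsafe -> {page_path_unsafe(p)!r:42s} safe -> {classify(p)}")
```

Note that "../pages/about.html" is accepted: after resolution it lands back inside PAGES_DIR, which is the property the check actually cares about. A check that merely searches the raw string for "../" would have rejected it while still being bypassable by other encodings.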
Web Application Penetration Testing: Objective, Methodology, Black Box, Grey Box and White Box Tests (01.08, Applications)
Faced with an ever-increasing number of sophisticated attacks, web application security is a major challenge. Indeed, security is now crucial to reass...
What is Mass Assignment? Attacks and Security Tips (15.06, Applications)
What is a Mass Assignment vulnerability? To make things easier for developers, many frameworks include features that automatically associate the param...
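The automatic parameter-to-attribute binding that excerpt refers to is the mechanism behind mass assignment. As an added example (written for this listing, not code from the article or from any particular framework), the block below implements a minimal framework-style binder that writes every matching request parameter onto a model, next to a binder that only accepts an explicit allow-list. The User model and the request body are constructed for the example.

```python
# Added example, not from the original article. A toy version of a framework's
# "bind request parameters to the model" helper, and a hardened replacement that
# binds only an explicit allow-list of fields. The model and request body are
# constructed for illustration.
from dataclasses import dataclass
from typing import Any, Dict


@dataclass
class User:
    username: str
    email: str
    is_admin: bool = False  # a privileged field that must never come from the client


def bind_unsafe(user: User, params: Dict[str, Any]) -> User:
    """Vulnerable: every parameter whose name matches a model attribute is written.

    A client that adds 'is_admin' to a profile update promotes itself."""
    for name, value in params.items():
        if hasattr(user, name):
            setattr(user, name, value)
    return user


WRITABLE = {"username", "email"}  # fields a user may change about themselves


def bind_safe(user: User, params: Dict[str, Any]) -> User:
    """Hardened: bind only allow-listed attributes and reject anything else.

    Rejecting (rather than silently dropping) unexpected keys also gives the
    application a signal worth logging."""
    unexpected = set(params) - WRITABLE
    if unexpected:
        raise ValueError(f"unexpected parameter(s): {sorted(unexpected)}")
    for name in WRITABLE:
        if name in params:
            setattr(user, name, params[name])
    return user


# Constructed request body: a normal profile update with an extra "is_admin" key.
PROFILE_UPDATE = {"email": "alice@example.com", "is_admin": True}


def demo():
    """Returns (admin flag after unsafe bind, whether the safe bind rejected it)."""
    promoted = bind_unsafe(User("alice", "old@example.com"), PROFILE_UPDATE)
    try:
        bind_safe(User("alice", "old@example.com"), PROFILE_UPDATE)
        rejected = False
    except ValueError:
        rejected = True
    return promoted.is_admin, rejected


if __name__ == "__main__":
    admin_after_unsafe, rejected_by_safe = demo()
    print(f"unsafe binder: is_admin={admin_after_unsafe}; safe binder rejected request={rejected_by_safe}")
```

The same request body flips is_admin through the unsafe binder and is rejected outright by the allow-listed one; a legitimate update containing only email or username passes the allow-listed binder unchanged.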
Data Encryption and Cryptographic Failures: OWASP Top 10 #2 (20.05, Applications)
In a previous article, we reviewed the most critical and widespread vulnerability in web applications according to the OWASP Top 10: broken access con...
How to update passwords in database to secure their storage with Argon2? (13.04, Applications)
In a previous article, we saw why it was important to store passwords in a database with robust hash functions such as Bcrypt and Argon2. This helps t...
What is Session Hijacking? Types of attacks and exploitations (12.04, Applications)
Access control is a central element in ensuring the security of web applications. It must be based on robust authentication and session management tha...
OWASP Top 10 #1: Broken Access Control And Security Tips (31.03, Applications)
The Open Web Application Security Project (OWASP) is a community working to improve the security of information systems and more specifically applicat...
Exploiting an HTML injection with dangling markup (21.02, Applications)
During a web application penetration test, we came across the following situation:
Multifactor Authentication (MFA): how does it work? Types of attacks, exploits and security best practices (15.02, Applications)
Multifactor authentication (MFA) is a central and widely used mechanism for strengthening the security of user accounts and access to a system. Indeed...