Exploiting an LFI (Local File Inclusion) Vulnerability and Security Tips When we visit a website, it is common to be able to browse different pages. Each page can be represented by a file on the server. In order to determin... 07.08 Applications
Web Application Penetration Testing: Objective, Methodology, Black Box, Grey Box and White Box Tests Faced with an ever-increasing number of sophisticated attacks, web application security is a major challenge. Indeed, security is now crucial to reass... 01.08 Applications
What is Mass Assignment? Attacks and Security Tips What is a Mass Assignment vulnerability? To make things easier for developers, many frameworks include features that automatically associate the param... 15.06 Applications
Data Encryption and Cryptographic Failures: OWASP Top 10 #2 In a previous article, we reviewed the most critical and widespread vulnerability in web applications according to the OWASP Top 10: broken access con... 20.05 Applications
How to update passwords in database to secure their storage with Argon2? In a previous article, we saw why it was important to store passwords in a database with robust hash functions such as Bcrypt and Argon2. This helps t... 13.04 Applications
What is Session Hijacking? Types of attacks and exploitations Access control is a central element in ensuring the security of web applications. It must be based on robust authentication and session management tha... 12.04 Applications
OWASP Top 10 #1: Broken Access Control And Security Tips The Open Web Application Security Project (OWASP) is a community working to improve the security of information systems and more specifically applicat... 31.03 Applications
Exploiting an HTML injection with dangling markup During a web application penetration test, we came across the following situation: 21.02 Applications
Multifactor Authentication (MFA): how does it work? Types of attacks, exploits and security best practices Multifactor authentication (MFA) is a central and widely used mechanism for strengthening the security of user accounts and access to a system. Indeed... 15.02 Applications
What is Pseudonymisation? Techniques and Best Practices What is data pseudonymisation? Pseudonymisation is a data protection technique, which consists of processing data in such a way that it is not possibl... 09.02 Applications
What are IDOR (Insecure Direct Object References)? Attacks, exploits and security best practices IDORs (Insecure Direct Object References) are widespread vulnerabilities in web applications in the same way as XSS or SQL injections. Affiliated with... 06.02 Applications