Exploiting a broken access control vulnerability on GraphQL During a web application penetration test, we discovered a vulnerability related to the configuration and mismanagement of access controls on GraphQL.... 26.01 Applications
ORM: exploiting cascades with improper input validation In 2021, the OWASP Top 10, which highlights the most common vulnerabilities in applications, changed slightly. Injection vulnerabilities, previous... 19.01 Applications
Exploiting and preventing insecure deserialization vulnerabilities When developing a game, you may need to save a player’s run to a file so that you don’t lose their progress and they can return to where t... 12.01 Applications
What is Rate Limiting? How it works and implementation techniques What is rate limiting? During our penetration tests on web platforms, one of the attack vectors we use most often to discover and exploit vulnera... 03.01 Applications
What are deep links? Vulnerabilities, attacks and security best practices What is a deep link? Deep links are predefined URIs (Uniform Resource Identifiers) that allow direct access to an activity in a web or mobile applicat... 16.12 Applications
Exploiting an SQL injection with WAF bypass Discovering an SQL injection with Burp's scanner During a penetration test, we came across this situation: 13.12 Applications
Brute force attacks: principles and security best practices Brute force is certainly one of the most trivial attack techniques. The main reason: the human factor remains the weakest link in the cybersecurity ch... 05.10 Applications
XSS (Cross-Site Scripting) vulnerabilities: principles, types of attacks, exploitations and security best practices XSS (Cross-site Scripting) are particularly widespread vulnerabilities in web applications. In fact, more than one in two applications contains it acc... 26.09 Applications
DOM-based XSS attacks: principles, impacts, exploitations and security best practices DOM-based XSS is a little-known vulnerability because it is relatively rare. Indeed, it is a variant of XSS (Cross-Site Scripting) – certain... 23.09 Applications
Auditing an application protected by a CSRF token with Stepper Introduction The CSRF token is a protection that requires the insertion of a random and dynamic value in a request. This value is then analysed by the... 29.08 Applications
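The teaser above describes the mechanism behind a CSRF token: a random, per-session value that the server embeds in the page and then checks on every state-changing request, so a tool replaying requests has to fetch a fresh token each time (which is what an extension such as Stepper automates on the tester's side). The following Python snippet is an added example of the server-side part of that check; it is not code from the linked article or from Stepper. The in-memory SESSIONS store, the handle_transfer endpoint and the session id values are constructed for illustration.

```python
import hmac
import secrets
from typing import Dict, Optional

# Hypothetical session store (constructed for this example):
# session id -> CSRF token bound to that session.
SESSIONS: Dict[str, str] = {}


def issue_csrf_token(session_id: str) -> str:
    """Generate a fresh, unpredictable token, bind it to the session and
    return it so the application can embed it in a hidden form field or a
    header. Regenerating it on each call is what makes it "dynamic"."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    return token


def validate_csrf_token(session_id: str, submitted: Optional[str]) -> bool:
    """Compare the value that came back with the request against the one
    bound to the session. A missing token, an unknown session or a token
    from another session all fail. compare_digest avoids leaking the
    correct value through timing differences."""
    expected = SESSIONS.get(session_id)
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_transfer(session_id: str, form: Dict[str, str]) -> str:
    """Hypothetical state-changing endpoint: refuse the action unless the
    submitted token matches the session's token, then rotate the token so
    a captured request cannot simply be replayed."""
    if not validate_csrf_token(session_id, form.get("csrf_token")):
        return "403 Forbidden: missing or invalid CSRF token"
    issue_csrf_token(session_id)  # rotate after use
    return f"200 OK: transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    sid = "sess-123"  # constructed session id
    token = issue_csrf_token(sid)
    # Legitimate request carrying the current token
    print(handle_transfer(sid, {"to": "alice", "amount": "10", "csrf_token": token}))
    # Replay of the same token after rotation: rejected
    print(handle_transfer(sid, {"to": "alice", "amount": "10", "csrf_token": token}))
    # Cross-site request that cannot read the token at all: rejected
    print(handle_transfer(sid, {"to": "alice", "amount": "10"}))
```

The rotation in handle_transfer is the behaviour an automated scanner has to cope with: every replayed request needs a token obtained from a fresh page load, which is why plain request replay against such an application fails unless the token is refreshed for each attempt.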
How to secure a server? Server security is a major issue for companies. Indeed, being a central element in the functioning of all the components of an information system (app... 19.07 Applications
SQL injections (SQLi): principles, impacts, exploitations and security best practices Most web applications use one or more databases to store and process information in real time. Indeed, when a user sends requests, the web applica... 07.07 Applications