Ransack Query Injection: Analysis and Exploitation of an ORM Vulnerability (03.02, Applications)
Developers often rely on libraries to manage communications with databases. This saves them from having to write raw queries. These libraries generall...

Host Header Attacks, Exploitations and Security Tips (22.09, Applications)
According to the RFC 2616 standard, the ‘Host’ header is mandatory in an HTTP request. It indicates the host and, if applicable, the port of the reque...

What is CRLF Injection? Exploitations and Security Tips (10.09, Applications)
A simple line break seems harmless when thinking about a web application. However, if poorly managed, it can open the door to serious attacks. This is...

Black Box Exploitation of a Deserialisation Vulnerability (03.07, Applications)
Deserialisation vulnerabilities are often difficult to exploit. In most cases, you need access to the source code to identify the available classes or...

Understanding Source Code Audit Methodology and Process (04.06, Applications)
In the development cycle of a web application, security should never be relegated to the background. It must be considered at every stage: from the de...