Black Box Exploitation of a Deserialisation Vulnerability (03.07, Applications)
Deserialisation vulnerabilities are often difficult to exploit. In most cases, you need access to the source code to identify the available classes or...

Understanding Active Directory Certificate Services (AD CS) (19.06, Infra & Network)
As part of our internal penetration tests, we regularly encounter AD CS (Active Directory Certificate Services) infrastructures deployed on corporate ...

Understanding Source Code Audit Methodology and Process (04.06, Applications)
In the development cycle of a web application, security should never be relegated to the background. It must be considered at every stage: from the de...

File Upload Vulnerabilities and Security Best Practices (29.04, Applications)
On many web applications, the option of uploading files is a standard feature. Whether it's adding a profile photo or sending a document, file u...

Web Cache Poisoning Attacks and Security Best Practices (28.04, Applications)
To improve the display speed of web pages and lighten server loads, many companies rely on caching mechanisms. This system enables frequently requeste...

What is NoSQL Injection? Exploitations and Security Best Practices (25.03, Applications)
SQL injections are well-known and widely documented vulnerabilities. They exploit flaws in relational databases to manipulate or extract sensitive dat...
What is a Slow HTTP Attack? Types and Security Best Practices (19.03, Applications)
Denial of Service (DoS) attacks are among the most common attacks on the web. There are many variants. One of them, which is particularly easy to exploit and ...
What is HTTP Request Smuggling? Exploitations and Security Best Practices (13.03, Applications)
When a client accesses a website, it communicates with the server through the HTTP protocol. Initially text-based, this protocol became binary with HT...