What is Pseudonymisation? Techniques and Best Practices What is data pseudonymisation? Pseudonymisation is a data protection technique, which consists of processing data in such a way that it is not possibl... 09.02 Applications
What are IDOR (Insecure Direct Object References)? Attacks, exploits and security best practices IDORs (Insecure Direct Object References) are widespread vulnerabilities in web applications in the same way as XSS or SQL injections. Affiliated with... 06.02 Applications
Linux Privilege Escalation: Techniques and Security Tips What is privilege escalation? Privilege escalation is a key concept for attackers seeking access to sensitive information or restricted functionality ... 27.01 Applications
Exploiting a broken access control vulnerability on GraphQL During a web application penetration test, we discovered a vulnerability related to the configuration and mismanagement of access controls on GraphQL.... 26.01 Applications
ORM: exploiting cascades with improper input validation In 2021, the OWASP Top 10, which highlights the most common vulnerabilities in applications, changed slightly. Injection vulnerabilities, previous... 19.01 Applications
Exploiting and preventing insecure deserialization vulnerabilities When developing a game, you may need to save a player’s run to a file so that you don’t lose their progress and they can return to where t... 12.01 Applications
What is Rate Limiting? How it works and implementation techniques What is rate limiting? During our penetration tests on web platforms, one of the main attack vectors we use most often to discover and exploit vulnera... 03.01 Applications
What are deep links? Vulnerabilities, attacks and security best practices What is a deep link? Deep links are predefined URIs (Uniform Resource Identifiers) that allow direct access to an activity in a web or mobile applicat... 16.12 Applications
Exploiting an SQL injection with WAF bypass Discovering an SQL injection with Burp's scanner During a penetration test, we came across this situation: 13.12 Applications
Brute force attacks: principles and security best practices Brute force is certainly one of the most trivial attack techniques. The main reason: the human factor remains the weakest link in the cybersecurity ch... 05.10 Applications
XSS (Cross-Site Scripting) vulnerabilities: principles, types of attacks, exploitations and security best practices XSS (Cross-Site Scripting) vulnerabilities are particularly widespread in web applications. In fact, more than one in two applications contains one acc... 26.09 Applications
DOM-based XSS attacks: principles, impacts, exploitations and security best practices DOM-based XSS is a little-known vulnerability because it is rather rare. Indeed, it is a variant of XSS (Cross-Site Scripting) – certain... 23.09 Applications