Sign in

cybersecurity researcher 》 programmer 》web developer》 pentester 》hacker》 bug hunter

The best-case scenario for an attacker is if attacks on an application can go unnoticed as this would give the confidence to carry out consecutive attacks on the same application which could provide enough time for the attacker to fully compromise the system. This would be possible if an application has insufficient logging and monitoring of suspicious activities and fails to alert the necessary parties on time.

An example of the exploitation of this type of vulnerability could include an application that has been attacked using a large-scale credential stuffing attack and millions of user credentials have leaked. …


What is Using components known vulnerabilities ?

when the components such as libraries and frameworks used within the app almost always execute with full privileges. If a vulnerable component is exploited, it makes the hacker’s job easier to cause a serious data loss or server takeover.

Exploitability of the risk is average, Attacker needs to identify the weak part through scanning or manual analysis.

But the risk is widely spread, Many application has these issues on the grounds that most development teams don’t concentrate on guaranteeing their parts/libraries are breakthrough.

Most of the time, the developers don’t know every one…


Introduction

Today, Developing web applications sometimes require to transfer data for storing, communication, logging, etc. They have to prepare and send data each other so data are quite important especially financial, health and so on.

Applications should transfer data with the same data format, it makes the application to convert to standard from own data format before sending data and vice-versa, converting standard into own data format after receiving data that it effect with insecure deserialization.

What is insecure Deserialization ?


In this blog we are going to learn about the security misconfiguration from the OWASP top 10 .we are learning this from past month and today we cam to the 7th one lets learn about misconfiguration through the picture.

API security anti-pattern for Security Misconfiguration

Security misconfiguration is commonly a result of

  • insecure default configurations
  • incomplete or ad-hoc configurations
  • open cloud storage
  • misconfigured HTTP headers
  • unnecessary HTTP methods
  • permissive Cross-Origin resource sharing (CORS)
  • and verbose error messages containing sensitive information

The good thing is, that it is relatively easy to fix security misconfiguration and considerably improve the API security as a result.

If you have any doubts please ping me in instagram.(__fazalurrahman__)

Cheers….!


Before we talk about Broken Access Control, let’s get to grips with Access Control.

Access Control is the access control — including the right to access information in the system.


Traditionally, computers are connected to each other using cables — creating a network. The cable used most often is Ethernet, which consists of four pairs of wires inside of a plastic jacket. It is physically similar to phone cables, but can transport much more data.

But cables and computers alone do not make a good network, so one early solution was to use a network hub. The Ethernet cables from the computer connect to the device similar to the hub of a bike wheel — where all of the spokes come together in the center.

An example of how a…


Routers do the majority of the hard work on a network — they make the decisions about all the messages that travel on the network, and whether to pass messages to and from outside networks. There are three main functions:

Separate and Bridge

Routers separate networks into sections, or bridge different networks together, as we see in the example above — the private network of 192.168.1 Street is bridged to the Internet with a public IP address.


An important relationship on networks is that of the server and the client. A server is a computer that holds content and services such as a website, a media file, or a chat application. A good example of a server is the computer that holds the website for Google’s search page: http://www.google.com. The server holds that page, and sends it out when requested.

A client is a different computer, such as your laptop or cell phone, that requests to view, download, or use the content. The client can connect over a network to exchange information. …


In order to send and direct data across a network, computers need to be able to identify destinations and origins. This identification is an IP — Internet Protocol — address. An IP address is just a set of four numbers between 1 and 254, separated by dots. An example of an IP address is 173.194.43.7.

An IP address is similar to a street address. …


Network ports are provided by the TCP or UDP protocols at the Transport layer. They are used by protocols in the upper layers of the OSI model. Port numbers are used to determine what protocol incoming traffic should be directed to. Ports allow a single host with a single IP address to run network services. Each port number identifies a distinct service, and each host can have 65535 ports per IP address. Port use is regulated by the Internet Corporation for Assigning Names and Numbers (ICANN). By ICANN there are three categories for ports:

  • From 0 to 1023 — well…

Fazal

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store