Data Extraction to Command Execution CSV Injection

As web applications get more complex and more data driven, the ability to extract data from a web application is becoming more common. I work as a principal penetration tester on Veracode’s MPT team, and the majority of web applications that we test nowadays have the ability to extract data ...

The Top Five Web Application Authentication Vulnerabilities We Find

One of the most important parts of a web application is the authentication mechanism, which secures the site and also creates boundaries for each user account. However, during my years of testing web applications, it’s still very common to find authentication mechanisms with vulnerabilities. I currently work as a principal ...