Pros and Cons of DNS Over HTTPS

DNS, also known as Domain Name System, is the internet-wide service that translates fully qualified hostnames (FQDNs) such as www.netsparker.com into an IP address. It was developed because it's much easier to remember a domain name than an IP address. In 2017, an internet draft to send DNS requests over ... Read More
Detailed Explanation of PHP Type Juggling Vulnerabilities

PHP is often referred to as a 'loosely typed' programming language. This means that you don't have to define the type of any variable you declare. During the comparisons of different variables, PHP will automatically convert the data into a common, comparable type. This makes it possible to compare the ... Read More
Server-Side Template Injection Introduction & Example

There are few topics that developers universally agree on. One example that often leads to heated discussions is the choice of the right source code editor. You may be a Vim fanatic, or maybe you prefer the simplicity of Nano or the extensibility of Visual Studio Code. Meanwhile, others argue ... Read More
Type Juggling Authentication Bypass Vulnerability in CMS Made Simple

Have you ever experienced that sinking feeling when you discover that you've run out of one crucial ingredient for a special meal? It might be a single ingredient, but it ruins the whole dish, doesn't it? In the world of web application security, one apparently small slip-up can compromise the ... Read More
Why You Should Never Pass Untrusted Data to Unserialize When Writing PHP Code

In PHP, as in every other programming language you use for web development, developers should avoid writing code that passes user-controlled input to dangerous functions. This is one of the basics of secure programming. Whenever a function has the capability to execute a dangerous action, it should either not receive ... Read More
GDPR Article 32: Security of Data Processing

The EU General Data Protection Regulation (GDPR) is a regulation formulated by the European Union to strengthen and unify data protection for all individuals within the European Union (EU). It covers many subjects, such as Privacy by Design and Data Breaches. One section in particular, that applies to all those ... Read More
Application Level Denial of Service – An In-Depth Guide

Denial of Service attacks that bring down popular websites often involve thousands of hacked consumer devices and servers. While these attacks mainly aim to overwhelm the target system with traffic, in order to deny service to legitimate users, bugs at the Application Layer (Layer 7 in the OSI model) can ... Read More
Second-Order Remote File Inclusion (RFI) Vulnerability Introduction & Example

The main difference between a Remote File Inclusion (RFI) vulnerability and a second-order one is that in a second-order RFI, attackers do not receive an instant response from the web server, so it is more difficult to detect. This is because the payload that the attacker uses to exploit the ... Read More
The Equifax Breach – The Signs Were There

Whenever a big data breach happens – like the Equifax one – there is almost always a predictable order of subsequent events: the breach happens; the affected company announces it; the news outlets pick up the story and make it known to the general public; security researchers wonder how the ... Read More
Missed Black Hat or DEF CON? We've got you covered

I'm sure lots of you are sad that Black Hat USA 2017 and DEF CON 25 are over. You had a hell of a time in Las Vegas, were given the opportunity to listen to some great talks and meet people who share the same interest. And of course, you've ... Read More