Blog

August 20, 2018

OWASP Tutorial – Testing for Session Management (Weak Session IDs) Vulnerability

An attacker uses leaks or flaws in the authentication or session management functions (e.g., session IDs) to impersonate […]
August 13, 2018

OWASP Tutorial – Testing for Session Management (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) is an attack that forces a user to execute unwanted actions on a web application in which […]
August 6, 2018

OWASP Tutorial – Testing For HTTP Strict Transport Security Vulnerability

The HTTP Strict Transport Security (HSTS) header is a mechanism that websites have to communicate to the web browsers […]
August 6, 2018

OWASP Tutorial – Testing For HTTP Methods Vulnerability

HTTP offers a number of methods, such as GET, POST, OPTIONS, PUT, and DELETE. To process a request, a web server provides […]
July 30, 2018

OWASP Tutorial – Testing for Weak SSL/TLS Cipher Vulnerability

It is important to check the SSL configuration because sensitive information/data must be secured while being transmitted over the network. Transmission of […]
July 23, 2018

OWASP Tutorial – Testing for File Upload Vulnerability

In many web servers, this vulnerability depends entirely on purpose, which allows an attacker to upload a file with malicious code […]
July 16, 2018

OWASP Tutorial – Testing for Error Handling Vulnerability

Information leakage and improper error handling happen when web applications do not limit the amount of information they return to their […]
July 16, 2018

OWASP Tutorial – Testing for Brute Force Vulnerability

The brute-force attack is one of the most popular password-cracking methods. It is not just for password cracking; it is […]
July 9, 2018

OWASP Tutorial – Testing for HTTP Splitting and Smuggling Vulnerability

HTTP Splitting: HTTP response splitting is a protocol manipulation attack, similar to Parameter Tampering. HTTP splitting is the fact […]