Articles, news, tips and tricks from pentesting and infosec
SQL Injection attacks are still a threat to current web applications, despite their long history. In this article we discuss the most common SQL Injection attack techniques with concrete examples from DVWA (Damn Vulnerable Web Application).
Let’s understand how OGNL Injection works in Apache Struts. We’ll illustrate it with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.
This article is a deep dive into how Nmap works, so that you can understand its internal structure and master its functionality.
Tired of writing pentest reports? Let’s automate this and let you get back to hacking! Slides included.
In this article we discuss the most important HTTP headers that you should configure on your web server in order to improve its security.
Let’s explore a couple of practical attack scenarios that can be implemented as PoCs to prove the real risk of Cross-Site Scripting (XSS) vulnerabilities.