What is OAuth, real-world examples and various OAuth attacks

OAuth is everywhere—from signing into your favorite apps using Google or GitHub to enabling secure access between APIs. But while OAuth is incredibly powerful, it’s also one of the most misunderstood and misconfigured components in modern applications. And that’s exactly why knowing its fundamentals isn't optional—it's critical. Misconfigurations in OAuth can open doors to serious vulnerabilities such as account takeover, token leakage,…


CSP Part 2: Securing Inline Scripts with Nonces and Hashes

In Part 1 of the CSP series, we explored how CSP plays a major role in mitigating XSS and clickjacking attacks. Now that you're familiar with the basics of setting up a CSP and its importance, let's take it one step further. Today, we'll dive into two powerful CSP techniques: nonces and hashes. These allow us to safely run specific inline scripts…


Content Security Policy (CSP): A Key Mitigation for XSS and Clickjacking

Content Security Policy (CSP) is a powerful browser mechanism designed to prevent and mitigate common web vulnerabilities such as Cross-Site Scripting (XSS) and Clickjacking. CSP allows developers to specify which sources of content are trusted by the application. This guide will walk you through how CSP works, and how to use it to protect against Clickjacking with frame-ancestors. Real-world examples and practical…


How Servers Handle CSRF Tokens: Generation, Validation, and Best Practices

Welcome to Part 2 of the CSRF series! While spotting CSRF vulnerabilities during testing or bug bounties is often straightforward, have you ever paused to think about what really happens behind the scenes when implementing mitigations? In Part 1, we explored the fundamentals of Cross-Site Request Forgery (CSRF), why it's dangerous, and how browsers now defend against it using mechanisms like SameSite cookies…


Exploiting Cache: 20 Headers That Make Your Web App Vulnerable to Cache Poisoning

In the fast-moving world of web applications, caching plays a pivotal role in ensuring quick and efficient content delivery. However, as with most technologies, it comes with its own set of vulnerabilities. One of the most insidious threats in this realm is cache poisoning. This subtle yet powerful attack can manipulate what users see, disrupt functionality, and lead to severe security and…


The ultimate guide to HTTP request & response headers

End users constantly make GET or POST requests to the internet to retrieve information. The most common protocol used here is HTTP/S. But this communication is not just about making requests: what is sent from client to server, or vice versa, needs to be meaningful. This is where HTTP headers come in. With headers, the client and server can send additional information along with an HTTP request or response. In this blog…
