Geek Girl

OWASP top 10

How I found an IDOR in deletion of comparison lists
OWASP top 10 / Uncategorized / Web application

Read about an interesting IDOR scenario that allowed me to view private user information and also to delete a publicly available list.

0 Comments
September 26, 2021
Here is how to hunt for OAUTH vulnerabilities
How To / Information Security / OWASP top 10 / Web application

The post discusses the basics of OAuth and how to hunt for OAuth vulnerabilities such as leaking tokens, abusing the redirect URI, and the absence of the state parameter.

0 Comments
July 7, 2021
Don't just sanitize but also escape – A fable of sanitize_text_field
Code Vigilant / OWASP top 10 / php / Source Code Review / Web application / XSS

The post describes an interesting XSS finding that worked even though a sanitizing filter was in place. It also covers the mistakes developers make when sanitizing input.

2 Comments
May 21, 2021
Blind XXE attacks – Out-of-band interaction techniques (OAST) to exfiltrate data
Information Security / OWASP top 10 / Web application

The post covers various techniques by which sensitive data can be exfiltrated using out-of-band interaction in XXE.

0 Comments
April 24, 2021
XXE Simplified: The concept, Attacks and Mitigations
Information Security / OWASP top 10 / Web application

XXE remains among the vulnerabilities with a critical severity score. Why? Being able to read the server's sensitive files can lead to full compromise of the victim.

0 Comments
April 14, 2021