Request forgeries (CSRF, XSRF, SSRF)
In 2020, CheckPoint Research announced multiple vulnerabilities in the popular social media application named TikTok. One of the found vulnerabilities allowed an attacker to delete…
Tag: Application Security
Posts, tutorials, and general information about Application Security.
Directory / Path Traversal
Just like you have directories on your PC, laptop, and mobile phones, web servers also have directories. For example, if you were to purchase web…
HashiCorp Vault [Cheat Sheet]
We wrote a blog post introducing and explaining what Vault is, when it’s useful, and how to get started using it to manage your secrets.…
How crypto miners hijack AWS accounts (Cryptojacking GUI-Vil Case Study)
This is the story of how you print free money. It’s a story that involves an AWS account, a threat actor named GUI-Vil, and unauthorized…
Static Application Security Testing (SAST)
What if you could take multiple senior developers and security experts, distill them into a tool, and then have the ability to run that tool…
AWS WAF Made Simple: Protect Your Web Apps In The Cloud
AWS built its own Web Application Firewall and named the service AWS WAF, and we’re going to take a detailed look at how we can…
What is HashiCorp Vault and why should you know about it?
Vault is an open-source secrets management tool used to automate access to secrets, data, and systems. This blog post comes from our Explained in 180…
Hashing use cases
In practice, what is hashing used for? How is it being used in the real world? Let’s take a look at a few common hashing…
Multifactor authentication (MFA) factors and attributes
Password-based authentication has been proven time and time again to be a vulnerable form of authentication. One of the best defenses is using Multifactor Authentication,…
Encrypted versus hashed passwords. What’s the difference?
As you study for the CompTIA Security+ exam, it’s important that you understand the differences between plaintext, encrypted, and hashed passwords. It’s common to hear…