We are all aware of what phishing is. Think of phishing as a server that is not the client or victim. Server-Side Request Forgery (SSRF), is the simple act of tampering with requests that are submitted to the server in order to extract important data from them. The only vulnerability type that has its own...

Security Logging and Monitoring Failures: Introduction Imagine a scenario wherein a company remains unnotified about a data breach that happened months ago and gets to know about it but only through some security researcher who found the dump for sale on the dark net. Well, that’s a true possibility and what’s more devastating about the...

Introduction: What is software and data integrity failure? Software and data integrity failures refer to the state of corruption or integrity violation of data or software for which no proper checks are in place in the present infrastructure of the organization. Integrity violation of data and the software includes scenarios where any unauthorized entity modifies...

Introduction: what are identification and authentication failures? Vulnerabilities due to identification and authentication failures are determined by the flaws in applications’ authentication mechanisms, regardless of how robust or well-implemented they are. Prior to 2021, it was referred to in the OWASP Top Ten as “Broken Authentication,” but it now goes by its new moniker. Instead...

Vulnerable and Outdated Components: Introduction Woahhh!! Is your office still running Windows 2000? Umm…Yes! Why does it surprise you? I am thrilled by this fact because you still aren’t targeted by any hacker. An intruder can easily gain access to these systems due to them being considered obsolete and in no support zone by Microsoft...

We @ ASPIA frequently check all the input fields, injection, XSS, and other areas for large and visible problems while assessing the security risks and vulnerabilities of your applications. But take note! You still need to review your application’s design. These flaws are present in your application but frequently go unnoticed because they operate in...

What is it? Injection!! That too in security!! How? Well, to most of us reading this article “injection” might sound something like a term from a medical background. If you are thinking of that “injections” then, you are thinking correctly to some extent because the use of injection is to inject medicine into the human...

Cryptographic failures Introduction   Why did everyone start switching to Signal and Telegram as soon as it was discovered that WhatsApp was leaking users’ information? Why then did Whatsapp feel the need to add “end-to-end encryption” to its software? Why has everyone started becoming cashless and using their credit or debit cards to do transactions...

What is it? Ever thought of doing a banking transaction from another person’s account or booking all the tickets to a movie theatre, all without even being logged in or without having proper credentials for the account? That’s what we call Broken Access Control which basically means that the policies which are kept in the...