Blog - TSP

Three Essential Principles for Secure Coding Practices

All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of fixing them. You can find several detailed guides on how […]

Harnessing the Strength of Modern DAST: Miles Technologies

DAST has come a long way from its humble beginnings. Many businesses searching for web application security solutions are still apprehensive of DAST because they perceive it the way it was many years ago. DAST tools are often described as slow, not automated, not integrated, with limited reach and accuracy, and not usable for DevSecOps. […]

Understanding Broken Link Hijacking

Broken link hijacking (BLH) is a type of web attack. It exploits external links that are no longer valid. If your website or web application uses resources loaded from external URLs or points to such resources and these resources are no longer there (for example due to an expired domain), attackers can exploit these links […]

Developers’ Guide to SQL Injection Defense

In this cheat sheet, we will assume that: You are a developer or you know programming; You have limited web application security knowledge; You need to know how SQL injection attacks happen; You need to know how to fix SQL injection issues in your code. In this cheat sheet, you will learn: How do malicious […]

5 Simple Steps to Harden Your Web System

To harden a computer system means to make it more difficult for a malicious hacker to attack. In formal terms, system hardening means reducing the attack surface – the attack surface is the combination of all the points where an attacker may strike. Many computer systems by default have a very large attack surface. This […]

Enhancing Nginx Server Security by Hardening Configuration

Currently, nginx is the most popular web server, recently beating Apache. It is lightweight, fast, robust, and supports all major operating systems. It is the web server of choice for Netflix, WordPress.com, and other high traffic sites. An nginx server can easily handle 10,000 inactive HTTP connections with as little as 2.5 MB of memory. […]

Leveraging SSTI Vulnerabilities in Thymeleaf | Acunetix

One of the most comfortable ways to build web pages is by using server-side templates. Such templates let you create HTML pages that include special elements that you can fill and modify dynamically. They are easy to understand for designers and easy to maintain for developers. There are many server-side template engines for different server-side […]

POODLE Attack Explained

The POODLE attack (Padding Oracle on Downgraded Legacy Encryption) exploits a vulnerability in the SSL 3.0 protocol (CVE-2014-3566). This vulnerability lets an attacker eavesdrop on communication encrypted using SSLv3. The vulnerability is no longer present in the Transport Layer Security protocol (TLS), which is the successor to SSL (Secure Socket Layer). The recent Acunetix 2020 […]

The Dangers of Directory Listing

Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. It is dangerous to leave this function turned on for the web server because it leads to information disclosure. For example, when a user requests www.acunetix.com without specifying a file (such as […]

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC
