icon Book Free Consultation

Blogs

Mastering Web App VAPT The Complete Guide

5349
26/04/2024
In today's interconnected digital landscape, web applications serve as the backbone of numerous online services, facilitating everything from e-commerce transactions to social media interactions.
Read More

Evolution of Ransomware and the trends in 2020

5814
29/04/2020
Nowadays the biggest danger that we come across and also something that we are about to face in future is The cyber threat the crime that happens via internet and technology.
Read More

How hackers bypass file upload and how to prevent it?

11616
14/06/2022
Starbucks does have the best coffee in the world. But, do they have the best cybersecurity defense? ? Johnstone discovered It was possible to execute arbitrary code by uploading a webshell
Read More

A Deep Dive into VAPT Methodology and Coverage Respective of Different Compliance Requirements

5739
27/11/2023
To evolve in modern-day VAPT (Vulnerability Assessment and Penetration Testing), it is essential to stay ahead of the ever-changing cybersecurity landscape
Read More

Why VAPT is Crucial for Your Organizations Security-Beyond Compliance

2838
27/06/2023
Organizations face multiple cybersecurity dangers in the digital age, which could compromise confidential information.
Read More

Why SaaS Product Owners Need to Prioritize Vulnerability Assessments and Penetration Testing

3450
12/09/2023
Your product is designed to handle sensitive customer data, ranging from personal information to financial records.
Read More

Top 10 Compelling Reasons Why Web Application Security Testing Should Be a Priority

3607
30/06/2023
In today's interconnected world, where businesses rely heavily on web applications to interact with customers.
Read More

Securing PHP Applications: Safeguarding Against the Top 3 Cyber Attacks

4161
23/06/2023
Are you aware that more than 810 million web applications, which account for over 30% of all web applications.
Read More

Ransomware The Deadliest Threat to Modern Cybersecurity

3149
18/06/2024
Ransomware has emerged as one of the most dangerous and persistent threats in the cybersecurity landscape.
Read More

Maximizing Security: Uncovering Threats with In-house Security and External VAPT Team

3916
07/07/2023
Discover how combining in-house security expertise with external VAPT teams can maximize your organization's security.
Read More

Dont Let Your APIs Be the Weak Link Why API Security Assessments are Crucial

3120
10/10/2023
Imagine a bank with an API that allows you to check your account balance and make transactions from your favorite budgeting app
Read More

DNS Hijacking Prevention: Safeguarding Your Domain from Attacks

3606
12/07/2023
Protecting your domain against DNS hijacking attempts is essential in the modern digital world.When hostile actors take over a domain's DNS settings.
Read More

How to secure your Github repository?

6135
04/05/2019
GitHub is a hosting platform which helps developers to collaborate in building software’s. It helps the developers to manage source code management.
Read More

CWE-79 Improper Neutralization Of Input During Web Page Generation Cross-Site Scripting

6683
03/10/2018
Cross-site scripting (XSS) is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications.
Read More

Detection and Exploitation of XML External Entity Attack XXE

7474
30/05/2019
XML External Entity Attack happens when an application allows an input parameter to be XML or incorporated into XMLwhich is passed to an XML parser
Read More

Server Side Includes Injection

6908
29/05/2019
Server Side Includes (SSIs) are directives present on web applications, used to feed an HTML page of the application with dynamic contents based on user’s input.
Read More

HOW CAN THE OWASP DEPENDENCY TRACKER BE USED TO IMPROVE THE APPLICATION SECURITY LIFECYCLE?

7936
16/09/2021
Dependency Track is a free, open-source continuous component analysis platform that helps businesses discover and mitigate supply chain risk
Read More

A Deep Dive into SAML-SSO Security Testing Approach

7757
14/04/2020
SAML the Security Assertion Markup Language was created by an organization known as OASIS.Nowadays applications make use of the latest version of SAML 2.0.
Read More

Cross Site Port Attack XSPA

8948
06/10/2018
A web application is helpless against Cross Site Port Attack if it forms client provided URL’s and does not disinfect the backend reaction obtained from remote servers previously while sending it back to the client.
Read More

Server-Side Request Forgery-SSRF

10048
11/10/2018
Server-Side Request Forgery (SSRF) refers to an attack, wherein an attacker can send a maliciously crafted request from a vulnerable web application
Read More

While testing sql injection why do testers frequently use single quotes

12959
09/06/2022
SQL injection is often referenced as the most common type of attack on websites. It is being used extensively by hackers and pen-testers on web applications.
Read More

Null Byte SQL Injection

12454
04/05/2019
Null Byte Injection is an exploitation technique which uses URL-encoded null byte characters to the user-supplied data. This injection process can alter the intended logic .
Read More

CRLF Injection Attack

11412
28/05/2019
The term CRLF refers to Carriage Return (ASCII 13, , \r) Line Feed (ASCII 10, , \n). Carriage Return means the end of a line, and Line Feed refers to the new line. In more simple words, both of these are used to note the end of a line.
Read More

SQL Injection -Using Burp Suite

22990
08/10/2018
SQL injection is an attack when an attacker persuades to “inject” his harmful/malicious SQL code into someone else’s database, and force that database to run his SQL
Read More

Host Header Attack

38049
03/10/2018
Most commonly many web servers are configured in such a way, to hosts several websites or web applications on the same IP address. That’s why the Host Header Injection occurs.
Read More

What is the difference between VA and PT ?

6212
22/07/2022
Thief plots heist at home. It takes him some time to figure out how to get into the house without being noticed. What we're doing here is called Vulnerability assessment.The thief could have used a glass door .
Read More

Strengthening Security for BSFI SaaS Products: Leveraging the Power of OWASP ASVS

2122
26/05/2023
In the fast-paced world of Banking, Financial Services, and Insurance (BSFI), organizations rely heavily on Software as a Service (SaaS).
Read More

Top 10 reasons to partner with briskinfosec cybersecurity experts to prevent cyberattacks and data breaches

3444
27/02/2023
If you're a business owner, you know that cybersecurity is an essential concern.
Read More

Is CDN WAF enough to protect your web application?

3706
16/06/2022
What would you say if we told you that certain service was at USD 1.53 Billion in 2016 and is expected to reach USD 7.63 Billion by 2022.Is not this an exponential increase? Yes, that service is CDN WAF.
Read More

How To Minimize The Impact Of False Positives?

3354
24/05/2022
Web applications are updated on a frequent basis in today's fast-paced development settings, and agile, integrated methodologies like DevOps are swiftly becoming the norm.To design, test, and update diverse apps
Read More

Is there a difference between authentication and authorization in an API?

4181
21/06/2022
As with web applications, APIs operate on the web, but many require some sort of authentication or authorization before you can access the valuable.
Read More

Guidelines to Secure Web Services and API End-Points

5580
20/08/2019
Web Service is a software service used to create a communication between 2 devices connected over a network through internet.
Read More

Is Beast Attack Really Breaking Your SSL TLS

5171
04/05/2022
BEAST (Browser Exploit Against SSL/TLS) is a network vulnerability attack against TLS 1.0 and older SSL protocols. Security researchers carried out the attack for the first time in 2011, but the theoretical vulnerability was discovered in 2002.
Read More

What Is FTP Penetration Testing and What It Is Not?

5864
05/07/2022
File transfer protocol, a standardized protocol used to allow transmission of files between computers. It consists of a set of coded signals which are transmitted between computers, and which inform
Read More

Json web token and its exploitation

3564
12/05/2022
As an open standard, the JSON Web Token (JWT) defines a compact and self-contained method for securely transmitting information between parties as a JSON object (RFC 7519).
Read More

What is the difference between Manual Penetration Testing versus Automated Penetration Testing?

4288
10/08/2022
The new normal has made the market bigger for digital transformation projects and strategies for moving to the cloud.
Read More

Command Execution Attacks on Apache Struts server CVE-2017-5638

6937
06/10/2018
Apache Struts is a free, open-source, MVC framework for creating elegant and modern Java web applications.
Read More

80 percent of the backend technologies have banner exposed why is it a serious issues

4982
10/05/2022
Banner grabbing or active reconnaissance is a type of attack during which the attackers send requests to the system they are attempting to attack in order.
Read More

XML Rpc Attack

9219
29/07/2022
Yes, I am talking about U.S department of defense get hacked. Bibek Dhakal found that the xmlrpc.php file on the U.S. Department of Defense website had been turned on leaving it open to an attack on other sites. The XML Rpc.php in WordPress is turned on by default
Read More

Why should we use a proxy server?

5857
23/08/2022
People don't often stop to think about the most basic parts of how the internet works. But what happens when you browse the Internet? You could be using a proxy server at work, on a Virtual Private Network (VPN).
Read More

HTTPS Request Smuggling Attacks and How to Stop Them?

5725
25/08/2022
Who will offer $36,000 for finding a bug? Yes, it has happened. And, by the the greatest company of the planet: Apple. From the prize, you can well understand the magnanimity .
Read More

What weak credentials can do?

3254
07/10/2022
Yes! Hacking people's accounts is illegal. Hacker’s are enjoyed playing with weak credentials. A weak password is one that is easy to guess using a subset of all possible passwords in a brute force attack.
Read More

What is Black box Security Testing?

3699
13/10/2022
In this kind of testing, the penetration tester acts like a normal hacker who doesn't know anything about the target system.Testers don't get any diagrams of the architecture or source code that isn't available to the public.
Read More

What Are Security Headers and How Can We Implement Them For our Website?

5613
08/09/2022
When a browser asks a web server for a page, the server sends back the page's content along with headers. Some headers have meta-data about the content,
Read More

Best practices to prevent Data breaches in SAAS platform

4515
27/10/2022
Out of the entire population on the planet earth, at least most of them have a Facebook account. What if I tell you that these data's can be hacked not from your computer but from the cloud.
Read More

Different Types of session Based Attacks and How to Stop Them?

9025
19/12/2022
Imagine John surfing on the internet. He likes a product from a website. He orders it & now it is time to pay for it. He puts in the banking credentials. Everything went well.
Read More

How to save yourself from Phishing attacks? A quick guide

3277
30/06/2022
Phishing is a type of social engineering attack used to obtain sensitive information from users, such as login credentials and credit card information.It
Read More

What Is CRLF Injection Attack?

5242
15/07/2022
Twitter is one of the most popular social media platforms available today, with 100 million daily active users and 500 million tweets sent daily. But, do they have the best cybersecurity defense? Youssef discovered It was possible to inject the CRLF injection
Read More

Introduction to HTTP Request Smuggling Vulnerability

3496
15/12/2021
HTTP Request Smuggling is one of the critical web application vulnerabilities that is often goes unnoticed by many security reasearchers and penetration testers due to its complexity.
Read More

Drupal Core Remote Code Execution Vulnerability: CVE-2019-6340

4212
14/03/2019
Drupal is one of the most popular open source Content Management System (CMS) meant for developing, designing etc.
Read More

Are you still fighting against decade old application attacks

3724
30/01/2019
In this modern digital era, online transactions play a pivotal role.
Read More

Top Trending Web app security Vulnerabilities

4310
22/01/2019
For a long time in the cyber security world, Web applications are subjected to various kinds of security vulnerabilities because of the increase in its usage and the use of dynamic web application technologies
Read More

Word-press plugin lightspeed caches security flaws and how to exploit them

4202
02/08/2022
WordPress plugin LiteSpeed Cache has a cross-site scripting vulnerability because it does not properly sanitize user input. An attacker can take advantage.
Read More

Important Vulnerabilities And Smart Ways To Be Secured From Them

4067
06/11/2019
There’s a saying, ”Change is the only thing that never changes!” Similarly, each and every year has a change .
Read More

What Do You Need To Know About Cyber Kill Chain?

4132
18/10/2019
The Cyber Kill Chain framework is a part of the Intelligence driven defense model for identification and prevention of cyber intrusion activities (i.e. Hack or Breach).
Read More

What is the difference between OWASP Top 10 and ASVS Security Audit

8399
11/10/2022
OWASP is the blueprint for testing the web application security controls. It is safe to say that it helps the developers to develop application.
Read More

Techniques to Secure your SOAP and REST API

5672
13/02/2019
An API is called as Application Programming Interface which is used for communication. An API acts as a middle man who delivers your request to the provider and then delivers response to
Read More

Beware of Data War

4117
30/01/2019
Data as general is a set of information, knowledge or fact that is measured and stored in storage devices.
Read More

What is spring4shell vulnerability and how to address this vulnerability

3174
23/06/2022
Spring is a popular lightweight Java platform application framework that enables developers to easily create Java applications with enterprise-level features
Read More

Why Is It Important To Understand Owasp Automated Threats To Web Applications To Develop Better Security?

3118
05/10/2021
The primary goal was to create an ontology that would serve as a common language for developers,
Read More

My Website has HTTPS implemented. Should i really worry about implementing HSTS.

2939
26/05/2022
HTTP and that all redirection to the site using HTTP should be changed to HTTPS requests by default.
Read More

End to End Email Security with DMARC Records

3484
10/08/2021
DMARC also known as Domain Message Authentication, Reporting & Conformance is a technical standard that helps protect email senders and recipients from email related spoofing and phishing attacks
Read More

CWE-78 Improper Neutralization Of Special Elements Used In An OS Command Injection

4154
03/10/2018
OS command injection is a technique used via a web interface in order to execute OS commands on a web server. The user supplies operating system commands through a web interface in order to execute OS commands.
Read More

Security Flaws in Third Party Apps

2746
21/12/2021
One thing that you have to remember is that outside parties such as auditors, customers don’t care how vulnerabilities got into your environment. Even if your hands are tied, application security flaws can and likely will .
Read More

What is the Difference Between AWS Vs Azure Vs Google from a Cloud Security Standpoint

2821
23/09/2021
These services are designed to provide easy, affordable access to applications and resources, without the need for internal infrastructure or hardware
Read More

6 Cybersecurity measures that Organizations tend to overlook

3703
16/11/2021
Cyberattacks are a major nuisance that aren't going anywhere anytime soon. Growing at an estimated 15% year over year, cybercrime costs to organizations worldwide are forecast to reach $10.5 trillion annually by 2025.
Read More

What and How to address LOG4J CVE-2021-44228 Vulnerability?

4276
13/12/2021
CVE-2021-44228 is the name of the zero-day vulnerability, which can affect any programme that logs user input. The effect may be seen in a variety of places, including Minecraft, which registers the names of users.
Read More
Image

Discover the Latest Cyber Threats - Stay Ahead of the Curve

Get exclusive access to our latest Threatsploit Report detailing the most recent and sophisticated cyber attacks. Stay informed and protect your business from emerging threats.

captcha-img

Copyright © 2025 Briskinfosec Technology and Consulting Pvt Ltd