icon Book Free Consultation

Blogs

Mastering Web App VAPT The Complete Guide

5421
26/04/2024
In today's interconnected digital landscape, web applications serve as the backbone of numerous online services, facilitating everything from e-commerce transactions to social media interactions.
Read More

Evolution of Ransomware and the trends in 2020

5866
29/04/2020
Nowadays the biggest danger that we come across and also something that we are about to face in future is The cyber threat the crime that happens via internet and technology.
Read More

Why VAPT is Crucial for Your Organizations Security-Beyond Compliance

2854
27/06/2023
Organizations face multiple cybersecurity dangers in the digital age, which could compromise confidential information.
Read More

Securing PHP Applications: Safeguarding Against the Top 3 Cyber Attacks

4172
23/06/2023
Are you aware that more than 810 million web applications, which account for over 30% of all web applications.
Read More

Ransomware The Deadliest Threat to Modern Cybersecurity

3203
18/06/2024
Ransomware has emerged as one of the most dangerous and persistent threats in the cybersecurity landscape.
Read More

Maximizing Security: Uncovering Threats with In-house Security and External VAPT Team

3965
07/07/2023
Discover how combining in-house security expertise with external VAPT teams can maximize your organization's security.
Read More

DNS Hijacking Prevention: Safeguarding Your Domain from Attacks

3657
12/07/2023
Protecting your domain against DNS hijacking attempts is essential in the modern digital world.When hostile actors take over a domain's DNS settings.
Read More

How to secure your Github repository?

6143
04/05/2019
GitHub is a hosting platform which helps developers to collaborate in building software’s. It helps the developers to manage source code management.
Read More

CWE-79 Improper Neutralization Of Input During Web Page Generation Cross-Site Scripting

6696
03/10/2018
Cross-site scripting (XSS) is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications.
Read More

Detection and Exploitation of XML External Entity Attack XXE

7485
30/05/2019
XML External Entity Attack happens when an application allows an input parameter to be XML or incorporated into XMLwhich is passed to an XML parser
Read More

Server Side Includes Injection

6921
29/05/2019
Server Side Includes (SSIs) are directives present on web applications, used to feed an HTML page of the application with dynamic contents based on user’s input.
Read More

Cross Site Port Attack XSPA

8957
06/10/2018
A web application is helpless against Cross Site Port Attack if it forms client provided URL’s and does not disinfect the backend reaction obtained from remote servers previously while sending it back to the client.
Read More

Null Byte SQL Injection

12480
04/05/2019
Null Byte Injection is an exploitation technique which uses URL-encoded null byte characters to the user-supplied data. This injection process can alter the intended logic .
Read More

CRLF Injection Attack

11430
28/05/2019
The term CRLF refers to Carriage Return (ASCII 13, , \r) Line Feed (ASCII 10, , \n). Carriage Return means the end of a line, and Line Feed refers to the new line. In more simple words, both of these are used to note the end of a line.
Read More

Host Header Attack

38136
03/10/2018
Most commonly many web servers are configured in such a way, to hosts several websites or web applications on the same IP address. That’s why the Host Header Injection occurs.
Read More

What are the benefits of Cloud Penetration testing?

3086
05/08/2022
It all depends on how you perceive it to be. Most business owners feel that cloud space equals cloud security. Now, before I reveal the answer let’s see the story below; Accenture is no doubt the biggest name in software.
Read More

Json web token and its exploitation

3571
12/05/2022
As an open standard, the JSON Web Token (JWT) defines a compact and self-contained method for securely transmitting information between parties as a JSON object (RFC 7519).
Read More

What is the difference between Manual Penetration Testing versus Automated Penetration Testing?

4296
10/08/2022
The new normal has made the market bigger for digital transformation projects and strategies for moving to the cloud.
Read More

XML Rpc Attack

9238
29/07/2022
Yes, I am talking about U.S department of defense get hacked. Bibek Dhakal found that the xmlrpc.php file on the U.S. Department of Defense website had been turned on leaving it open to an attack on other sites. The XML Rpc.php in WordPress is turned on by default
Read More

Why should we use a proxy server?

5873
23/08/2022
People don't often stop to think about the most basic parts of how the internet works. But what happens when you browse the Internet? You could be using a proxy server at work, on a Virtual Private Network (VPN).
Read More

What weak credentials can do?

3264
07/10/2022
Yes! Hacking people's accounts is illegal. Hacker’s are enjoyed playing with weak credentials. A weak password is one that is easy to guess using a subset of all possible passwords in a brute force attack.
Read More

What is Black box Security Testing?

3708
13/10/2022
In this kind of testing, the penetration tester acts like a normal hacker who doesn't know anything about the target system.Testers don't get any diagrams of the architecture or source code that isn't available to the public.
Read More

What Are Security Headers and How Can We Implement Them For our Website?

5632
08/09/2022
When a browser asks a web server for a page, the server sends back the page's content along with headers. Some headers have meta-data about the content,
Read More

Word-press plugin lightspeed caches security flaws and how to exploit them

4207
02/08/2022
WordPress plugin LiteSpeed Cache has a cross-site scripting vulnerability because it does not properly sanitize user input. An attacker can take advantage.
Read More

Important Vulnerabilities And Smart Ways To Be Secured From Them

4073
06/11/2019
There’s a saying, ”Change is the only thing that never changes!” Similarly, each and every year has a change .
Read More

What is the difference between OWASP Top 10 and ASVS Security Audit

8419
11/10/2022
OWASP is the blueprint for testing the web application security controls. It is safe to say that it helps the developers to develop application.
Read More

CWE-78 Improper Neutralization Of Special Elements Used In An OS Command Injection

4164
03/10/2018
OS command injection is a technique used via a web interface in order to execute OS commands on a web server. The user supplies operating system commands through a web interface in order to execute OS commands.
Read More
Image

Discover the Latest Cyber Threats - Stay Ahead of the Curve

Get exclusive access to our latest Threatsploit Report detailing the most recent and sophisticated cyber attacks. Stay informed and protect your business from emerging threats.

captcha-img

Copyright © 2025 Briskinfosec Technology and Consulting Pvt Ltd