For many years ago, cyber security was considered as a final product or job that you add when the application functionalities are correctly working. However, today the game has changed and it is becoming a part of the Development lifecycle. Now how many steps are there in a secure development ...
One of the most frequent questions that I get from my client, especially those who use Godaddy as a hosting service is this, what do you think about Godaddy’s website security pack? is godaddy website security worth it? Therefore, I decided to create a blog post about this question to ...
For many years, one of the most confusing vulnerabilities for both security professionals and clients in the industry is the Directory path traversal and the file inclusion (LFI/RFI). So what is the difference between these two vulnerabilities? The main difference between a Directory path traversal and the file inclusion vulnerabilities ...
After years of doing penetration tests and working with many companies, I have started to notice that this question start to become more frequently asked especially from those with complex apps. Therefore, here is my response to the question Do I need to fix all the discovered vulnerabilities? Fixing a ...
DevSecOps is one of the most in-demand fields in the industry of cybersecurity. Most companies that I worked with are thinking or start to implement this process in their daily integration. Therefore, I decided to write this blog post to help those who are looking for recruiting a DevSecOps engineer ...
CVE is a very popular word in the cyber security industry. If you take any penetration test or any vulnerability assessment report, you will find a bunch of CVEs for every asset. However, does this means that all the vulnerabilities have a CVE? According to the vulnDB database of discovered ...
Every time I give my penetration test report to my client to start fixing their vulnerabilities, the first question they ask, is which one we should prioritize in our fixing plan? Here are five types of vulnerabilities that need to be prioritized while fixing the discovered ones, ordered by criticality: ...
One of the most critical incident that could happen to a website owner, is to find his website blacklisted. According to some researches, this blacklisting leads to more than 90% of traffic decrease. So, what are the main reasons that push search engines to blacklist a website. Here is 8 ...
If you have already performed a penetration test on your website or your network infrastructure, then you should have heard about the scope of the penetration test. Defining the scope for a penetration test is performed by following the next 10 steps: Defining the tested assets Defining the criteria of ...
Undoubtedly, ChatGPT stands out as one of the most remarkable inventions of 2021. Its wide-ranging capabilities and applications have opened up endless possibilities for human interaction and problem-solving. Furthermore, certain users have begun employing ChatGPT for the actual execution of smart contract audits. However, can ChatGPT audit a smart contract? [...]
