Web servers are becoming more and more the first target for attacks. This focus comes from the fact that web servers are the most exposed servers in any company network. In addition, taking control over the webserver could be the first access point to the local network of the victim. ...
One of the most common questions that I get from my students when I do my penetration test course is what is the most common web security vulnerability? After years of experience in penetration testing, I had a conviction that this question has a different response depending on the period ...
Web application technology is one of the most popular and rising types of software used by companies in their daily business life. In addition, it is the most exposed surface for the public. In the last decade, most people have started noticing an increase in security threats affecting this technology, ...
Every time I do a course about penetration testing or secure coding, the most common question I get from my student is for example, Does SQL injection still work 2021? SQL injection still works in 2021 and it will probably still working at least for the next 5 years. In ...
One of the most confusing systems in the DevSecOps methodology is Dynamic application security testing (DAST). Many people I’ve met think are basically confused between DAST penetration testing and either a DAST tool can be part of the DevSecOps or not. Therefore, in this blog post, I am going to ...
In the last few years, I have worked with some companies in the market to implement security in their DevOps system, and it was really a good experience that let me understand what really works and what doesn’t in a DevSecOps environment. Here is a table that summaries the pros ...
For many years ago, cyber security was considered as a final product or job that you add when the application functionalities are correctly working. However, today the game has changed and it is becoming a part of the Development lifecycle. Now how many steps are there in a secure development ...
One of the most frequent questions that I get from my client, especially those who use Godaddy as a hosting service is this, what do you think about Godaddy’s website security pack? is godaddy website security worth it? Therefore, I decided to create a blog post about this question to ...
For many years, one of the most confusing vulnerabilities for both security professionals and clients in the industry is the Directory path traversal and the file inclusion (LFI/RFI). So what is the difference between these two vulnerabilities? The main difference between a Directory path traversal and the file inclusion vulnerabilities ...
Undoubtedly, ChatGPT stands out as one of the most remarkable inventions of 2021. Its wide-ranging capabilities and applications have opened up endless possibilities for human interaction and problem-solving. Furthermore, certain users have begun employing ChatGPT for the actual execution of smart contract audits. However, can ChatGPT audit a smart contract? [...]
