As an old developer and a penetration tester, between all the vulnerabilities I have seen in my whole experience in both fields file upload was the most difficult one to fix and the most dangerous. The difficulty resides in the number of things you should check before allowing a file ...
After all these years of experience in penetration testing if someone asks me what is the 4 main types of vulnerability in cybersecurity? My answer would be as following. Here is the list of the 4 main types of vulnerabilities in cybersecurity: Injections Authorization based Sensitive data exposure Business logic ...
Python is one of the rising development technologies in the market. Many software development companies start using it for developing web applications. Like any software development technology, Python may also have multiple security issues that can hurt websites and be the cause of a security breach. In this blog post, ...
One of the most common questions that I get from my students when I do my penetration test course is what is the most common web security vulnerability? After years of experience in penetration testing, I had a conviction that this question has a different response depending on the period ...
Web application technology is one of the most popular and rising types of software used by companies in their daily business life. In addition, it is the most exposed surface for the public. In the last decade, most people have started noticing an increase in security threats affecting this technology, ...
Every time I do a course about penetration testing or secure coding, the most common question I get from my student is for example, Does SQL injection still work 2021? SQL injection still works in 2021 and it will probably still working at least for the next 5 years. In ...
In the last few years, I have worked with some companies in the market to implement security in their DevOps system, and it was really a good experience that let me understand what really works and what doesn’t in a DevSecOps environment. Here is a table that summaries the pros ...
For many years ago, cyber security was considered as a final product or job that you add when the application functionalities are correctly working. However, today the game has changed and it is becoming a part of the Development lifecycle. Now how many steps are there in a secure development ...
For many years, one of the most confusing vulnerabilities for both security professionals and clients in the industry is the Directory path traversal and the file inclusion (LFI/RFI). So what is the difference between these two vulnerabilities? The main difference between a Directory path traversal and the file inclusion vulnerabilities ...
Undoubtedly, ChatGPT stands out as one of the most remarkable inventions of 2021. Its wide-ranging capabilities and applications have opened up endless possibilities for human interaction and problem-solving. Furthermore, certain users have begun employing ChatGPT for the actual execution of smart contract audits. However, can ChatGPT audit a smart contract? [...]
