Web application technology is one of the most popular and rising types of software used by companies in their daily business life. In addition, it is the most exposed surface for the public. In the last decade, most people have started noticing an increase in security threats affecting this technology, ...
Every time I do a course about penetration testing or secure coding, the most common question I get from my student is for example, Does SQL injection still work 2021? SQL injection still works in 2021 and it will probably still working at least for the next 5 years. In ...
In the last few years, I have worked with some companies in the market to implement security in their DevOps system, and it was really a good experience that let me understand what really works and what doesn’t in a DevSecOps environment. Here is a table that summaries the pros ...
For many years ago, cyber security was considered as a final product or job that you add when the application functionalities are correctly working. However, today the game has changed and it is becoming a part of the Development lifecycle. Now how many steps are there in a secure development ...
For many years, one of the most confusing vulnerabilities for both security professionals and clients in the industry is the Directory path traversal and the file inclusion (LFI/RFI). So what is the difference between these two vulnerabilities? The main difference between a Directory path traversal and the file inclusion vulnerabilities ...
After years of doing penetration tests and working with many companies, I have started to notice that this question start to become more frequently asked especially from those with complex apps. Therefore, here is my response to the question Do I need to fix all the discovered vulnerabilities? Fixing a ...
Every time I give my penetration test report to my client to start fixing their vulnerabilities, the first question they ask, is which one we should prioritize in our fixing plan? Here are five types of vulnerabilities that need to be prioritized while fixing the discovered ones, ordered by criticality: ...
NFTs are digital tokens that represent unique and scarce assets on the blockchain. They have become a popular way to create, buy, and sell digital art, collectibles, music, and more. But, can NFTs be malicious? NFTs could be malicious. Even if NFTs are pieces of art, they both remain connected [...]
