An Open Redirect is a vulnerability in a web application that allows an attacker to redirect a user to an arbitrary website. At first glance, this might not seem harmful, but with a malicious intent, it can be used as part of phishing attacks, malware distribution, or...
Local File Inclusion (LFI) is a vulnerability that allows an attacker to read files from a server they should not have access to. This can lead to to the exposure of sensitive information and often enables the attacker to progress further towards their goals. It’s...
Web development is a dynamic landscape that’s constantly evolving with new technologies, trends, and security threats. Unfortunately, the crucial aspect of web security is often overlooked. There are many reasons for this, and they vary from team to team and...
Content discovery is often focused on finding files and folders. However, modern applications not longer conform to this hierarchical approach and specifically applications that use APIs. Kiterunner is a tool that can be used to discover routes and endpoints used in...
When testing web applications, the understanding and use of various encoding schemes is a fundamental skill. In particular, we often see Base64, URL encoding, and HTML encoding used across many applications both as part of the application’s general functionality and...
