GraphQL, a query language for your API and a server-side runtime for executing those queries, is rapidly becoming a prevalent technology in modern web applications. This technology, developed by Facebook in 2012 and released as an open-source project in 2015, provides...
XPath Injection, like other injection attacks, targets the way an application handles user input. What sets it apart is where that input ends up: inside an XPath query evaluated against an XML document, so an attacker who can close a string literal can rewrite the query's logic. The fallout? Unauthorized...
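An added example, not code from the original post, showing the string-interpolation pattern behind most XPath Injection findings next to a builder that turns every user value into a proper XPath 1.0 string literal. The element names (`user`, `name`, `password`) and the login query are assumptions made for the demonstration.

```python
# Added example, not from the original post: building an XPath predicate from
# user-controlled values. The element names and credential layout are
# assumptions made for the demonstration.


def login_query_vulnerable(username: str, password: str) -> str:
    """Classic pattern: raw string interpolation into the XPath predicate.
    A username of   ' or '1'='1   closes the literal and rewrites the logic."""
    return f"//user[name/text()='{username}' and password/text()='{password}']"


def xpath_literal(value: str) -> str:
    """Return `value` as an XPath 1.0 string literal. XPath 1.0 has no escape
    sequence for the quote that delimits a literal, so a value containing both
    kinds of quote has to be assembled from pieces with concat()."""
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    pieces = [f"'{chunk}'" for chunk in value.split("'")]
    return "concat(" + ", \"'\", ".join(pieces) + ")"


def login_query_safe(username: str, password: str) -> str:
    """Same query, but every user value enters the expression as a literal:
    the payload stays a string to compare against, not part of the predicate."""
    return (
        f"//user[name/text()={xpath_literal(username)}"
        f" and password/text()={xpath_literal(password)}]"
    )


if __name__ == "__main__":
    payload = "' or '1'='1"
    print(login_query_vulnerable(payload, "x"))   # predicate logic hijacked
    print(login_query_safe(payload, "x"))         # payload stays a string
    print(xpath_literal('O\'Neil "admin"'))       # concat() form
```

Where the XPath engine supports variable binding (lxml's `xpath()` accepts keyword arguments that are referenced as `$name` in the expression), binding is preferable to building literals by hand; the `concat()` construction is the fallback for engines that only take a finished expression string.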
The rapidly evolving world of cybersecurity brings with it an ever-expanding catalogue of threats. One such vulnerability, which has been gaining traction recently in the API space, is Server-Side Request Forgery (SSRF). Though it’s not a new concept, SSRF has...
Bug bounty programs have been a popular phenomenon in the tech industry for the last decade or so. They’re an opportunity for anyone to identify vulnerabilities in a company’s software or infrastructure and get rewarded for their discoveries. But, how do...
An Open Redirect is a vulnerability in a web application that allows an attacker to redirect a user to an arbitrary website. At first glance this might not seem harmful, but with malicious intent it can be used as part of phishing attacks, malware distribution, or...
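An added example, not code from the original post, of validating a post-login `next` parameter against a host allowlist before redirecting, including the inputs that defeat naive checks: protocol-relative `//host` and `///host` references, backslashes that browsers treat as slashes, `user@host` authority tricks, and non-HTTP schemes. The host names and the fallback target are assumptions for the demonstration.

```python
# Added example, not from the original post: validating a post-login "next"
# parameter against an allowlist before redirecting. The host names and the
# fallback target are assumptions for the demonstration.
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.com", "www.example.com"}   # assumed first-party hosts
FALLBACK = "/"


def safe_redirect_target(next_url: str) -> str:
    """Return `next_url` if it stays on a first-party host, else FALLBACK."""
    if not next_url:
        return FALLBACK
    # Browsers treat "\" like "/" in the authority part and strip tabs and
    # newlines, so normalise the same way before parsing.
    candidate = next_url.replace("\\", "/")
    candidate = "".join(ch for ch in candidate if ch not in "\t\r\n")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return FALLBACK                      # javascript:, data:, and friends
    if parts.netloc:
        # hostname already discards userinfo, so "https://example.com@evil.com"
        # resolves to evil.com here rather than to the allowlisted name.
        host = (parts.hostname or "").lower()
        return candidate if host in ALLOWED_HOSTS else FALLBACK
    # No authority: accept only a single-slash path. "//host" and "///host"
    # are network-path references that leave the site.
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return FALLBACK


if __name__ == "__main__":
    for value in ("/account", "//evil.com/", "/\\evil.com",
                  "https://example.com@evil.com/", "javascript:alert(1)"):
        print(f"{value!r:35} -> {safe_redirect_target(value)}")
```

The allowlist comparison is on `hostname`, not on `netloc` or on a substring match, which is what lets `example.com.evil.com` and `example.com@evil.com` fall through to the fallback.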
Local File Inclusion (LFI) is a vulnerability that allows an attacker to read files from a server they should not have access to. This can lead to the exposure of sensitive information and often enables the attacker to progress further towards their goals. It's...
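An added example, not code from the original post, showing the path-building mistake behind many LFI findings beside a containment check that resolves the path and verifies it still lies under the intended directory. The base directory and file names are assumptions for the demonstration.

```python
# Added example, not from the original post: the path-building bug behind many
# LFI findings next to a containment check. The base directory and file names
# are assumptions for the demonstration.
import os


def vulnerable_path(base_dir: str, requested: str) -> str:
    """The usual bug: the request value is joined onto a base directory with no
    containment check. os.path.join discards base_dir if `requested` is absolute,
    and "../" segments walk out of it."""
    return os.path.join(base_dir, requested)


def resolve_under_base(base_dir: str, requested: str):
    """Return the absolute path for `requested` if, after normalisation and
    symlink resolution, it still lies inside base_dir; otherwise None."""
    if "\x00" in requested:
        return None                       # NUL would truncate a C-level open()
    rel = requested.replace("\\", "/")
    if rel.startswith("/"):
        return None                       # absolute requests are never legitimate
    base = os.path.realpath(base_dir)
    full = os.path.realpath(os.path.join(base, rel))
    # Compare with the separator appended: "/srv/app/templates2" must not pass
    # as being inside "/srv/app/templates".
    if full == base or full.startswith(base + os.sep):
        return full
    return None


if __name__ == "__main__":
    base = "/srv/app/templates"            # assumed template directory
    for req in ("about.html", "../../../etc/passwd", "/etc/passwd",
                "../templates2/x.html"):
        print(f"{req!r:25} vulnerable={vulnerable_path(base, req)!r:45} "
              f"checked={resolve_under_base(base, req)!r}")
```

Realpath-based containment catches traversal through symlinks as well as through `..`; pairing it with an allowlist of permitted file names or extensions narrows the surface further when the set of includable files is known up front.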