Broken Object Level Authorization (BOLA) is a vulnerability that occurs when an application authenticates a user but fails to check that the user is actually allowed to access the specific object (a record, file or resource) referenced by an identifier in the request. BOLA is important to understand and test for, as it has been the most common and impactful vulnerability across...
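The following is an added example, not code from the original post or its author: a handler that looks up an invoice by a client-supplied id with no ownership check, the same handler with the lookup scoped to the session user, and the kind of id-enumeration probe a tester would run against both. The invoice store, user ids and invoice rows are constructed sample data, and the exception classes stand in for HTTP 404 responses.

```python
"""
Added example (not from the original post): a minimal BOLA in a Python
function standing in for a REST handler, beside the fixed version, plus
the enumeration probe used to test for it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    amount: int


# Constructed sample data: user 1 owns invoice 1001, user 2 owns 1002.
INVOICES = {
    1001: Invoice(id=1001, owner_id=1, amount=250),
    1002: Invoice(id=1002, owner_id=2, amount=9900),
}


class NotFound(Exception):
    """Stands in for an HTTP 404 response."""


def get_invoice_vulnerable(session_user_id: int, invoice_id: int) -> Invoice:
    # Authenticated (we know who the caller is) but not authorized: the
    # lookup uses only the client-controlled id, so user 1 can request
    # invoice 1002 and read user 2's data.  session_user_id is ignored.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def get_invoice_fixed(session_user_id: int, invoice_id: int) -> Invoice:
    # Scope the lookup to the caller: the object must both exist and be
    # owned by the session user.  Answering 404 in both cases means an
    # attacker enumerating ids cannot even learn which ones exist.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != session_user_id:
        raise NotFound(invoice_id)
    return invoice


def enumerate_readable(handler, session_user_id: int, candidate_ids) -> list:
    # Tester's probe: as one user, walk a range of ids through the handler
    # and record which ones come back.  Anything not owned by that user
    # is a BOLA finding.
    readable = []
    for invoice_id in candidate_ids:
        try:
            handler(session_user_id, invoice_id)
        except NotFound:
            continue
        readable.append(invoice_id)
    return readable


if __name__ == "__main__":
    ids = range(1000, 1010)
    print("vulnerable:", enumerate_readable(get_invoice_vulnerable, 1, ids))
    print("fixed:     ", enumerate_readable(get_invoice_fixed, 1, ids))
```

The important design point is that the fix lives in the data access itself (the query is filtered by owner), not in a separate check bolted on after the fetch, so a new endpoint that reuses the lookup cannot forget it.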
What is Mass Assignment? Mass assignment is a framework feature that makes our lives easier when mapping input passed from the front end onto back-end objects. By automatically assigning request parameters to the properties of an object, we save some time in development and gain some...
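The following is an added example, not code from the original post or its author: a profile-update function that binds every key of the request body onto a user object, beside a version that binds only an explicit allowlist of fields. The User model, the allowlist and the request payload are constructed for the example; the privilege flag `is_admin` is a hypothetical field chosen to show the escalation.

```python
"""
Added example (not from the original post): mass assignment binding a
request body onto a model object, beside an allowlisted binding.
"""


class User:
    def __init__(self, username: str):
        self.username = username
        self.display_name = username
        self.email = ""
        self.is_admin = False  # must never be settable from user input


# Fields the profile form is meant to update.
PROFILE_FIELDS = frozenset({"display_name", "email"})


def update_profile_vulnerable(user: User, payload: dict) -> User:
    # Convenient, and exactly the problem: every key in the JSON body
    # becomes an attribute, so adding "is_admin": true to an ordinary
    # profile edit escalates privileges.
    for key, value in payload.items():
        setattr(user, key, value)
    return user


def update_profile_fixed(user: User, payload: dict) -> User:
    # Bind only the fields this endpoint is meant to change, and reject
    # the request if it carries anything else, so a probing client gets
    # a visible error instead of a silent no-op.
    unexpected = set(payload) - PROFILE_FIELDS
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    for key in PROFILE_FIELDS & set(payload):
        setattr(user, key, payload[key])
    return user


# Constructed request body: the attacker adds is_admin to a normal edit.
ATTACK_PAYLOAD = {"display_name": "Alice", "is_admin": True}


def escalates(handler, payload: dict) -> bool:
    # Apply a handler to a fresh, non-admin user and report whether the
    # request turned them into an admin.  A rejected request counts as
    # "no escalation".
    user = User("alice")
    try:
        handler(user, payload)
    except ValueError:
        pass
    return user.is_admin


if __name__ == "__main__":
    print("vulnerable escalates:", escalates(update_profile_vulnerable, ATTACK_PAYLOAD))
    print("fixed escalates:     ", escalates(update_profile_fixed, ATTACK_PAYLOAD))
```

Rejecting unknown fields rather than ignoring them is a deliberate choice: it keeps the convenience of binding a whole body while making any attempt to smuggle extra properties visible in logs and to the tester.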
Ensuring our code is secure is a critical part of protecting our applications, and we should strive to build applications that are secure both by design and in practice. Organizations use a variety of approaches to achieve this. Today we’re going to take a look at...
Code review is an essential part of the web application penetration testing process but is often overlooked. We’re going to look at why it’s important and how to get started. There are a number of reasons why we might decide to review the source code of an application...
Most modern web applications load resources such as fonts and JavaScript from other domains or a CDN. CORS (Cross-Origin Resource Sharing) is the browser mechanism that lets a server relax the same-origin policy and declare which other origins may read its responses. However, a permissive or badly implemented CORS policy can itself be attacked. Let’s first take...
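The following is an added example, not code from the original post or its author: the server-side decision that produces CORS response headers, written three ways. Two show the common mistakes (reflecting the request's Origin, and matching the origin by suffix) and the third compares the full origin against an explicit allowlist. The allowlist and the origins used are constructed values.

```python
"""
Added example (not from the original post): server-side CORS origin
checks, showing two exploitable patterns beside an exact-match allowlist.
"""
from urllib.parse import urlsplit

# Constructed allowlist of full origins (scheme + host [+ port]).
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_headers_reflect(request_origin) -> dict:
    # Mistake 1: echo whatever Origin the client sent, with credentials.
    # Any site can now make the victim's browser send a cookie-bearing
    # request and read the response body.
    if not request_origin:
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_suffix(request_origin) -> dict:
    # Mistake 2: a substring check on the host.  "evilexample.com" ends
    # with "example.com", so an attacker-registered domain passes.
    if request_origin and request_origin.endswith("example.com"):
        return {
            "Access-Control-Allow-Origin": request_origin,
            "Access-Control-Allow-Credentials": "true",
        }
    return {}


def cors_headers_allowlist(request_origin) -> dict:
    # Fixed: normalize the whole origin and compare it against an explicit
    # allowlist.  "null", empty and malformed origins fall through to no
    # CORS headers at all.  Vary: Origin stops a shared cache from handing
    # one origin's response to another.
    if not request_origin:
        return {}
    parts = urlsplit(request_origin)
    if not parts.scheme or not parts.netloc:
        return {}
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    if normalized not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": normalized,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


if __name__ == "__main__":
    for origin in ("https://app.example.com", "https://evilexample.com", "null"):
        print(origin)
        print("  reflect:  ", cors_headers_reflect(origin))
        print("  suffix:   ", cors_headers_suffix(origin))
        print("  allowlist:", cors_headers_allowlist(origin))
```

When testing, send requests with an Origin header the application should not trust (an unrelated domain, a domain that merely contains the expected name, and the literal `null`) and look for `Access-Control-Allow-Origin` echoing it back together with `Access-Control-Allow-Credentials: true`; that combination is what turns a CORS misconfiguration into cross-site data theft.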