What is Server-Side Template Injection? An attack that allows the attacker to use the native template syntax to inject a few malicious payloads into the template is called Server-Side Template Injection, also known as SSTI. Normally, the attack works when the attacker makes […]
In this post, I want to share the Directory Traversal attack method, which can be useful during any Red Teaming or Penetration Testing. Before I share the demo of the attack over here, let’s study the methodology and the process of the attack on the website. […]
Web Application Assessment Information. Firstly, we need to understand why Web Application Assessment is important to any organization out there. As people should be aware by now, web applications have played an important and vital role in an organization’s future, which is also exposed to cybercriminals […]
In this post, I would like to share knowledge and experience while doing Database Penetration Testing. The purpose of Penetration Testing is to find vulnerabilities within the system and simulate the controlled environment if there is any cybersecurity attack which will be exposed to the public. […]
In this post, I would like to share one attack method that takes advantage of QR codes, called Quick Response Code Login Jacking (QRLJacking). QRLJacking is a new method that most people might not even have heard of before. QRLJacking is a direct and easy social […]
What is AWS Penetration Testing? AWS (Amazon Web Services) Penetration Testing can also be considered one of the areas that pentesters will invest in during Red Team activities. The finding that might catch the eye of the attacker would be AWS Privilege Access where the […]
In this post, I would like to share about the XML Injection attack, which might be useful for some scenarios. For those who are not familiar with the XML Injection attack, XML Injection is a method used by the attacker to manipulate or exploit the logic […]
Nowadays, programming is considered a very important element in the industry, especially IT. In this post, I would like to share some brief knowledge about Penetration Testing using Python code, which can be useful for other people out there. Below are the examples from the […]
Cross-Origin Resource Sharing (CORS) can be considered one of the attacks that target website application server vulnerabilities. Normally, it will enable any controlled access to the bug located where it will run the cross-origin rules such as Access-Control-Allow-Origin. However, this will affect if CORS is […]
Cross-Site Scripting is an attack where the attacker is able to insert client-side script into the application to gain access control and data of the application. An example of common Cross-Site Scripting that I believe everyone is well aware of can be seen below […]