Application Security
SSRF - Server Side Request Forgery
May 04, 2020 Application Security

Server Side Request Forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server side application to make HTTP requests to an arbitrary domain of the attacker's...

XSS in Modern Single Page Applications
Apr 29, 2020 Application Security

While React provides several built-in protections against Cross Site Scripting (XSS) attacks, it's still possible to introduce XSS vulnerabilities in React applications. This comprehensive guide...

XSS - The Ultimate guide for Cross Site Scripting
Apr 28, 2020 Application Security

Cross Site Scripting (XSS) is one of the most prevalent and dangerous web application security vulnerabilities. According to OWASP, XSS consistently ranks among the top 10 web application security...

CSRF - Cross Site Request Forgery
Apr 27, 2020 Application Security

Cross Site Request Forgery (CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It occurs when a malicious website,...

Server-Side Request Forgery
Apr 06, 2020 Application Security

SSRF (Server Side Request Forgery) is a type of security vulnerability where an attacker tricks a server into making a request to another internal or external system that the attacker shouldn’t have...

Common Web Application Technologies
Mar 30, 2020 Application Security

JWT (JSON Web Tokens). JWT is short for JSON Web Token. It is a compact and secure way to send information between two parties – like a client (browser) and a server. We usually use JWTs to: Log users...

Error based SQL Injection
Feb 15, 2020 Application Security

In the previous example, we saw how a classic SQL Injection Login Bypass works. SQL Injection is not all about that. The real fun is we can extract the data from the database. In this tutorial, we...

Out of Band SQL Injection
Feb 14, 2020 Application Security

Out of Band SQL Injection (OOB SQLi) is an advanced SQL injection technique where the attacker cannot retrieve data directly through the same communication channel used to send the injection payload....

Time based Blind SQL Injection
Feb 13, 2020 Application Security

Blind SQL Injection happens when: There is a SQL injection vulnerability, BUT the application does not show any SQL errors or query outputs directly. In this case, an attacker has to ask questions to...

Boolean based Blind SQL Injection
Feb 12, 2020 Application Security

Blind SQL Injection happens when: There is a SQL injection vulnerability, BUT the application does not show any SQL errors or query outputs directly. In this case, an attacker has to ask questions to...

OWASP Top 10 explained - 2021
Feb 11, 2020 Application Security

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation focused on improving the security of software. It provides free, vendor neutral tools, resources, and standards that...

SQL injection login bypass
Feb 10, 2020 Application Security

SQL Injection (SQLi) is one of the oldest and most fundamental web application vulnerabilities. While it’s becoming rarer in modern web apps due to better coding practices and frameworks,...

Common Web Application Attacks
Feb 05, 2020 Application Security

Web applications are one of the most targeted surfaces by attackers. This is primarily because they are accessible over the internet, making them exposed and potentially vulnerable. Since these...

Remote Command Execution
Jan 02, 2020 Application Security

Remote Command Execution (RCE) is a critical security vulnerability that allows an attacker to execute arbitrary commands on a remote server. This vulnerability can lead to unauthorized access, data...