Server-Side Request Forgery (or SSRF) is an attack that consists of inducing a web application to send back-end requests to an unintended destination. Driven by the increasing popularity of Cloud […]
Category: Web Application Security
Host Header Injection Attacks
Host Header injection is not the type of attack that you would normally find in CTFs or security challenges. However, it is widespread in the wild. It is […]
HTTP Request Smuggling Explained
HTTP Request Smuggling (HRS) is a type of attack that has been gaining more and more attention in recent years. Its rise is fueled by the high prevalence of Cloud-based applications […]
XXE Attacks Explained
Out of the many attacks that threaten web applications today, XXE remains the one that is talked about the least. Although it gets far less attention than XSS or SQL […]
CSRF (Cross-Site Request Forgery) Explained
Cross-Site Request Forgery (CSRF or XSRF), also called Client-Side Request Forgery, is a type of attack that targets web applications. It allows an attacker to induce users into accessing and […]
Introduction to Cross-Site Scripting (XSS)
This article presents a great introduction for anyone trying to learn about Cross-Site Scripting (or XSS). You don’t need to be an expert to follow along. However, you do need […]
Using THC Hydra To Brute Force Login Forms
THC Hydra is a powerful tool to use against login forms. It can perform brute force and dictionary attacks against different types of applications and services. When a web application […]
Using Gobuster to Find Hidden Web Content
Directory and file enumeration is one of the first steps that an attacker performs during web application pentesting. This step is necessary to identify potential hidden areas of a website […]
Introduction to SQL Injection
SQL injection is often cited as the most common type of attack on websites. It is used extensively by hackers and pen-testers on web applications. The OWASP Top Ten […]