Blog

Ultimate Guide To SQL Injection – Part I

Security researcher and hacker Jeff Forristal first described the SQL injection attack in 1998. More than two decades after its discovery it is still in the OWASP Top 10 (Injection ranked first in the 2010, 2013 and 2017 lists and third in the 2021 list). A SQL injection vulnerability arises when invalid or incompletely validated strings are combined into a dynamic SQL query

CVE-2022-30190 THE FOLLINA VULNERABILITY

Introduction To Follina (CVE-2022-30190) On May 27th, 2022, nao_sec discovered a suspicious Word document that had been uploaded from a Belarusian IP address. It turned out to exploit a zero-day vulnerability, now known as Follina, in the Microsoft Support Diagnostic Tool (MSDT) on Windows, reachable from Microsoft Office documents. A malicious Word document can trigger the Follina vulnerability and execute arbitrary code. The vulnerability abuses the built-in URL protocol handlers in

Authentication and Authorization

Each time you visit your local bank in person, there is a good chance the bankers will recognize you by sight. That, too, is a form of authentication. But as the world moves toward digitization, authentication methods are changing as well. Now we have to log in to our national bank's

Insecure Direct Object Reference (IDOR)

Insecure Direct Object Reference (IDOR) was listed in the OWASP (Open Web Application Security Project) Top 10 back in 2007 and now falls under the Broken Access Control category (A5 in the 2017 list, A01 in the 2021 list). IDOR has been part of the Top 10 throughout the decade. In an insecure direct object reference, an unauthorized request is being made to access
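
As an added example that is not part of the original post, the handler below shows the defect in its simplest form: an object id taken from the request is used directly as the lookup key, so any authenticated user can read any invoice, and sequential ids make the whole set enumerable. The hardened variant compares the object's owner with the identity from the server-side session. The invoice store, user names and helper functions are constructed for the demonstration.

```python
# Constructed sample store keyed by sequential invoice ids (not the post's data).
INVOICES = {
    1001: {"owner": "alice", "total": 120.00},
    1002: {"owner": "bob", "total": 75.50},
    1003: {"owner": "alice", "total": 42.00},
}


class AccessDenied(Exception):
    """Raised when the caller may not read the requested object."""


def get_invoice_vulnerable(current_user, invoice_id):
    # invoice_id comes straight from the URL (e.g. /invoices/1002) and is used
    # as the lookup key. Being logged in is the only check, so the identity of
    # current_user never influences the result.
    return INVOICES[invoice_id]


def get_invoice_secure(current_user, invoice_id):
    invoice = INVOICES.get(invoice_id)
    # Authorise against the record's owner and the authenticated identity from
    # the session, never against anything the client supplied. Missing and
    # foreign ids produce the same error so the id space cannot be probed.
    if invoice is None or invoice["owner"] != current_user:
        raise AccessDenied(f"user {current_user!r} may not read invoice {invoice_id}")
    return invoice


def enumerate_as(current_user, fetch, id_range):
    """What a user walking sequential ids sees through a given handler."""
    seen = {}
    for invoice_id in id_range:
        try:
            seen[invoice_id] = fetch(current_user, invoice_id)["owner"]
        except (KeyError, AccessDenied):
            pass
    return seen


if __name__ == "__main__":
    # bob iterates ids 1000..1004 against both handlers
    print(enumerate_as("bob", get_invoice_vulnerable, range(1000, 1005)))  # alice's invoices leak
    print(enumerate_as("bob", get_invoice_secure, range(1000, 1005)))      # only 1002
```

Using unguessable identifiers (random UUIDs) reduces enumeration but is not a substitute for the ownership check, since ids still leak through logs, referrers and shared links.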