NestJS is a progressive Node.js framework for building efficient, reliable, and scalable server-side applications. A prerequisite for this article is a basic understanding of NestJS. If you have worked on Node.js web applications and want to implement applications using object-based programming, such as Java, NestJS is good to go. The...
Application Security, Technology
To make authenticated REST API calls in applications, several authentication schemes are used by developers. Some of them use HTTP Basic Authentication scheme, and others, as per their needs(or wants), use custom authentication schemes. Now, it's good to experiment but not at the cost of security. In this blog, we will look into the...
Application Security, Technology
We have seen a lot of applications where some sub-domains or sub-directories are publicly exposed (intently or by mistake). So, with experience from our past pentests we have made a habit of testing for vulnerable or accessible sub-domains. During one of such testing, I was manually testing the URLs of different sub-domains of the...
Recently, I worked on a task wherein the users had to be authenticated based on existing Google credentials to get access of AWS Management Console. It took more time than expected to make it work as the documentation provided by Google is not complete. Let’s start by setting this up step by step. Scenario: Provide access of AWS...
I was recently searching for something on Google and came across this instance of what might be a logical vulnerability prevailing across multiple web applications. I was searching for publicly accessible Jenkins console through Google Dorking. My search query listed some of the websites that had Jenkins as a part of their domain...