Application Security, Technology
In my previous blog on iThemes Security, we went through Dashboard, Configuration and Global Settings. In this second part of the blog series, a detailed understanding of the sections 404 Detection, Away Mode and Banned Users will be covered. 404 Detection: Hackers are always looking for vulnerabilities that can be exploited. Some vulnerabilities can be found as […]
A thief picks a lock to open it. But if the key is already available, it’s a piece of cake for the thief. Such is the nature of applications and hackers today. All it takes is one mistake from the developer (the key) and the hackers capitalize on that mistake (the theft). It has been rightly […]
Hackers and cyber criminals identify healthcare organizations as a source of assets, similar to the way a bank has monetary assets. In case you have any doubt about the previous statement, I would like to reassure you that healthcare information has a monetary value and worth. And yes, it is at risk. What is […]
Almost every web and mobile application today gives you an option to create an account. Once you have created an account, you can log in and access all the features of the application. This login process allows you to manage data that is private to you. This feature is referred to as Authentication, where a user […]
In continuation of my last blog about possible attacks on a password reset functionality, this part of the same series will look into the two implementations below: • Email sent with a temporary password or current password • Secret questions asked and then given the option to reset the password. I will mention possible issues which might […]
WordPress websites are mostly an easy target for attacks due to improper file permissions and vulnerable plugins being installed. Different factors that lead to attacks on WordPress sites are: weak passwords, vulnerable plugins, and an obsolete version of WordPress being used. Possible Solution: Securing WordPress is a process and it involves a number of steps. A […]
Ever faced a situation where you click on an advertisement, nothing happens, and you are just redirected to a random, strange website which you do not like? Or perhaps, as soon as you click an ad, numerous pop-ups come up and close automatically. There’s a good chance that you might have clicked on a ‘malvertisement’. […]
Sleepy Puppy is a payload management framework for Cross Site Scripting that enables security engineers to simplify the process of capturing, managing, and tracking XSS propagations. Delayed XSS (a variant of stored XSS): Delayed XSS testing is testing that can be used to extend the scope of attack beyond the immediate effect of a particular payload. […]
For every developer, implementing a password reset feature is a very interesting part. This is where he develops a logic and then implements it in the code. There is no well-defined industry standard on how to implement a secure password reset functionality in your application. So, the result is that every application has a different […]