Application Security, Cloud

Top 10 Security Recommendations for Online Businesses

Recently, cyber attacks have been on a rise, and it appears that every other day due to these attacks, businesses are being held to pay ransom to protect themselves or go out of business. There are businesses who have shut shop and then there are businesses which have paid ransom to secure themselves, however that doesn’t guarantee...

10-Feb-2017

Application Security, Responsible Disclosures

How I discovered RCE through a Misconfigured plugin

We have seen a lot of applications where some sub-domains or sub-directories are publicly exposed (intently or by mistake). So, with experience from our past pentests we have made a habit of testing  for vulnerable or accessible sub-domains. During one of such testing, I was manually testing the URLs of different sub-domains of the...

13-Jan-2016

Application Security, Responsible Disclosures

Malicious exploitation of Unauthenticated Request submissions

During a recent penetration test on one of our client's application, we came across a case of malicious file propagation through the application server. The attack does not require an authenticated session. The vulnerable section is accessible by unauthenticated users. The attack involves an attacker submitting a malicious request (a...

13-Jan-2016