Application Security, Responsible Disclosures

How I discovered RCE through a misconfigured plugin

We have seen a lot of applications where some sub-domains or sub-directories are publicly exposed (intentionally or by mistake). So, with experience from our past pentests, we have made a habit of testing for vulnerable or accessible sub-domains. During one such test, I was manually testing the URLs of different sub-domains of the...

by Ankit Giri
Tag: access control
13-Jan-2016

Application Security, AWS

Why can a compromised Jenkins lead to a disaster?

I was recently searching for something on Google and came across this instance of what might be a logical vulnerability prevailing across multiple web applications. I was searching for publicly accessible Jenkins consoles through Google Dorking. My search query listed some of the websites that had Jenkins as a part of their domain...

by Ankit Giri
Tag: access control
04-Dec-2015

Application Security, AWS

AWS Security practices demystified

We come across a lot of instances of cloud-based applications being hit by DDoS attacks. We must accept the fact that most of us are unaware of the risks and of the protection methods available for DDoS protection in the cloud. This blog post emphasizes understanding DDoS attacks and provides an approach to prevent unauthorized access and usage...

by Ankit Giri
Tag: access control
31-Jul-2015