AWS, DevOps

Access and Modify Google Sheet using Python

This would be my first blog where I am using Python. I am excited to share what I did using Python. I wanted to update a Google Sheet using bash shell scripting but did not find anything I could play around with using bash. Later, I opted for Python as it provides the "gspread" library, which can be used to work on Google Sheets. ...

by Navjot Singh
Tag: authentication
30-Jun-2016

Application Security, Technology

(In)Secure Authentication schemes in REST APIs

To make authenticated REST API calls in applications, several authentication schemes are used by developers. Some of them use the HTTP Basic Authentication scheme, and others, as per their needs (or wants), use custom authentication schemes. Now, it's good to experiment, but not at the cost of security. In this blog, we will look into the...

by Nikhit Kumar
Tag: authentication
29-Feb-2016

Automation Testing, Testing

Easy approach to handle authentication window in selenium webdriver

Before we get started on how to handle the authentication window in Selenium WebDriver, let's discuss what an authentication window is and why it is used in applications. What is an Authentication Window? Authentication is a process required to access some applications in which HTTP authentication is used for security purposes....

by Shilpa Ranjan
Tag: authentication
04-Feb-2016

Application Security, Responsible Disclosures

How I discovered RCE through a Misconfigured plugin

We have seen a lot of applications where some sub-domains or sub-directories are publicly exposed (intentionally or by mistake). So, with experience from our past pentests, we have made a habit of testing for vulnerable or accessible sub-domains. During one such test, I was manually testing the URLs of different sub-domains of the...

by Ankit Giri
Tag: authentication
13-Jan-2016

Technology

Cross-domain SSO with Google into AWS Console using SAML

Recently, I worked on a task wherein the users had to be authenticated based on existing Google credentials to get access to the AWS Management Console. It took more time than expected to make it work, as the documentation provided by Google is not complete. Let's start by setting this up step by step. Scenario: Provide access to AWS...

by Navjot Singh
Tag: authentication
17-Dec-2015

Application Security, AWS

Why compromised Jenkins can lead to a disaster?

I was recently searching for something on Google and came across this instance of what might be a logical vulnerability prevailing across multiple web applications. I was searching for publicly accessible Jenkins consoles through Google Dorking. My search query listed some of the websites that had Jenkins as a part of their domain...

by Ankit Giri
Tag: authentication
04-Dec-2015

Application Security, Technology

An essence of Application Security in E-commerce

Hackers and cyber criminals identify E-commerce sites as a source of information, such as credit cards and other PII (Personally Identifiable Information). To protect customers, it's necessary to know how to protect the application and the sensitive customer data it holds. All this involves users' trust in and assurance of the brand and...

by Ankit Giri
Tag: authentication
19-Oct-2015

Application Security, Grails

Spring Security & Grails: Cross domain authentication from HTTP to HTTPS

We were trying to implement SSL-based login and registration (i.e. HTTPS) in an e-commerce web application which was otherwise using the non-secure protocol (i.e. HTTP) for the entire website. Instead of moving the entire web application to SSL, which would have increased response times, we thought it would be best if only the...

by Roni C. Thomas
Tag: authentication
01-Oct-2013