by Alex Olsen | Sep 13, 2023 | Penetration Testing, Web Applications
Overview Version control systems, such as Git, are essential tools in software development, enabling seamless collaboration and change tracking. However, their widespread use can sometimes lead to unintended security oversights. While Git excels in managing code...
by Alex Olsen | Aug 23, 2023 | Penetration Testing, Web Applications
Server-Side Template Injection (SSTI) is an attack that allows an attacker to inject malicious input into a templating engine, leading to code execution on the server. While this vulnerability can be quite impactful, understanding and exploiting it requires a good...
by Alex Olsen | Aug 16, 2023 | Penetration Testing, Web Applications
Server-Side Request Forgery (SSRF) is a vulnerability that let’s an attacker have a server make requests on their behalf. Typically this can allow the attacker to reach internal resources that would otherwise be unavailable. Whilst the typical SSRF is dangerous...
by Alex Olsen | Aug 9, 2023 | Penetration Testing, Security, Web Applications
GraphQL, a query language for your API and a server-side runtime for executing those queries, is rapidly becoming a prevalent technology in modern web applications. This technology, developed by Facebook in 2012 and released as an open-source project in 2015, provides...
by Alex Olsen | Aug 2, 2023 | Penetration Testing, Security, Web Applications
Overview XPath Injection, akin to other common injection attacks, specifically targets vulnerabilities within an application’s user input processing system. But what sets XPath Injection apart is its exploitation of XPath queries. The fallout? Unauthorized...
by Alex Olsen | Jul 12, 2023 | Penetration Testing, Security, Web Applications
Bug bounty programs have been a popular phenomenon in the tech industry for the last decade or so. They’re an opportunity for anyone to identify vulnerabilities in a company’s software or infrastructure and get rewarded for their discoveries. But, how do...
