Web Security Archives

Introduction We have discussed in the previous post regarding the introduction, basically Insecure deserialization is a critical vulnerability that often lurks in legacy systems and internal applications. Serialization and deserialization are foundational operations in modern software development, enabling communication between systems, data storage, and object persistence. However, improper use of deserialization—particularly with unsafe serializers like…

Shekhar Suman01 mins

Web Security

6 months ago6 months ago

Insecure Deserialization: A Silent Killer in Modern Applications

In the realm of cybersecurity, one vulnerability that continues to haunt developers and security professionals alike is insecure deserialization. This seemingly innocuous process, crucial for transferring data between systems, harbors a myriad of risks when implemented carelessly. We delve deep into the intricacies of insecure deserialization, uncover its potential threats. I will also demonstrate practical…

Shekhar Suman12 mins

Insecure Deserialization: A Silent Killer in Modern Applications

Web Security

2 years ago1 year ago

Appsec Automation : Why we need this hot cake

Hello guys !! Hope all good at your side of the screen. Today we will discuss about the topic which everybody is talking about. I am sure we all have a same answer if someone asks how we will if our all tasks will get automated and we can sit back and relax. A big…

Shekhar Suman02 mins

Appsec Automation : Why we need this hot cake

Web Security

8 years ago

Advanced Exploitation with Sqlmap

We have learnt the basic exploitation of Sql Injection with the help of Sqlmap in our previous posts. But there is always a step further. In this post we will see most advanced exploitation with Sqlmap. Once again 3 cheers to Kunal for helping me out for this post. In our first post of Sqlmap,…

Shekhar Suman12 mins

Web Security

8 years ago

Form based SQL Injection with Sqlmap

In previous post we have seen the basic tutorial of Sqlmap and the exploitation. The exploitation was about the GET request or where the vulnerable parameter is passing in the URL. There is another aspect of Sql Injection where it happens in form based submissions. In more technical terms a POST request where the certain…

Shekhar Suman11 mins

Web Security

8 years ago

Sqlmap tutorial for beginners – hacking with sql injection

As I discussed in my previous post that we can exploit Union Based SQL Injection with the help of manual SQL queries. now we will do the same exercise with a Python based tool SQLMAP. Note:- This tutorial is being carried out on demo test site provided by ACUNETIX, You can also try on the same website. Sqlmap…

Shekhar Suman11 mins

Web Security

8 years ago

Install Sqlmap on Windows

Sqlmap is arguably the most popular tool for exploitation of sql injection vulnerability and database takeover. It is completely automated and customization depending upon the server or database configurations. This tool provides wide ranges of flags which can be used to trigger an attack in an effective manner. It is completely open-source in terms of…

Shekhar Suman71 mins

8 years ago

OS Command Injection : Simple yet effective

What is OS Command Injection OS Command Injection is a vulnerability which describes improper neutralization of special elements. It can result in modification of the intended OS command that is sent to a downstream component. So, OS command injection weaknesses can expose an environment to an attacker even if he does not have direct access…

Shekhar Suman42 mins

Web Security

9 years ago2 years ago

Back Refresh Attack Vulnerability on QualysGuard- Your browser’s back button can do more than you think !!

Hello Guys !! Hope the new year started good for you all. Continuing my previous statement of “sometimes functionality leads to vulnerability..”, I am gonna start discussing this another feature of the browser which can lead to leaking sensitive information like your passwords and sometimes even you complete Credit Card details. Definitely there are scenarios…

Shekhar Suman22 mins

Web Security

9 years ago

CSV Macro Injection

CSV Macro Injection : It’s rather a trick to abuse the functionality… Application security is quite a tricky domain. Just imagine for all those years when you thought something as a functionality of the application and suddenly it turns out to be a vulnerability which can be exploited to take down your system completely. CSV…

Shekhar Suman33 mins

Category: Web Security

Insecure Deserialization in .NET: Risk and Fixing Legacy Code

Insecure Deserialization: A Silent Killer in Modern Applications

Appsec Automation : Why we need this hot cake

Advanced Exploitation with Sqlmap

Form based SQL Injection with Sqlmap

Sqlmap tutorial for beginners – hacking with sql injection

Install Sqlmap on Windows

OS Command Injection : Simple yet effective

Back Refresh Attack Vulnerability on QualysGuard- Your browser’s back button can do more than you think !!

CSV Macro Injection