SEO poisoning, also known as negative SEO, is a black hat SEO technique that aims to manipulate search engine algorithms to lower the ranking of a website in search engine results pages (SERPs). This can be done through a variety of methods, such as: SEO poisoning can have a number of negative consequences for websites, …
The Heartbleed Bug is a serious flaw in the widely used OpenSSL cryptographic software library. This flaw allows information to be stolen that would otherwise be protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS ensures Internet communication security and privacy for applications such as web, email, instant messaging (IM), and some virtual …
Applications may Base64-encode parameters to conceal them from users or to ease the transfer of binary data. The existence of Base64-encoded data might suggest security-sensitive information or functionality that should be investigated further. The data should be examined to see whether it includes any noteworthy information or other entry points for malicious input. Solution Manually …
Cookies can be restricted based on their domain or path. This check just looks at domain scope. A cookie’s domain scope specifies which domains may access it. A cookie, for example, can be rigidly scoped to a subdomain, such as www.nottrusted.com, or loosely scoped to a parent domain, such as nottrusted.com. In the latter situation, …
The hardware gives different levels of privilege. The kernel is a critical component of the operating system that operates at the highest privilege level (yes, I realize there are complexities with virtualization) and regulates the privilege levels. The kernel forbids applications from accessing or writing to each other’s memory at a lower level. The kernel …
What is User Password Persisted in Memory Vulnerability? Read More »
MIME-type sniffing is a typical feature in browsers that allows them to identify an acceptable method to display data when the HTTP headers given by the server are inconclusive or absent. This enables earlier versions of Internet Explorer and Chrome to do MIME-sniffing on the response body, potentially leading it to be interpreted and presented …
What is Lack of Security Headers X-Content-Type-Options Vulnerability? Read More »
Data URI is a clever method of inserting tiny files inline in HTML texts. Instead of referring to a file kept locally on the server, the file is delivered as a base64-encoded string of data prefixed by a mime-type inside the URL itself. A MIME-type string, such as “image/jpeg” for a JPEG image file, is …
What is Cross-Site Scripting (XSS) Off-Domain – Data URI Vulnerability? Read More »
SQL Injection Vulnerability: A Threat to Data Security SQL Injection is a severe security vulnerability that arises when user inputs are improperly handled in an application’s SQL queries, allowing malicious users to manipulate and even control the database. This vulnerability can result in data breaches, unauthorized access, and potential data loss. How SQL Injection Occurs: …
One sort of injection attack is a CRLF injection attack. It has the potential to progress to more malicious attacks such as Cross-site Scripting (XSS), page injection, web cache poisoning, cache-based defacement, and others. If an attacker can inject CRLF characters into a web application, such as through a user input form or an HTTP …
What is HTTP Response Manipulation – Response Splitting (CRLF) Vulnerability? Read More »
When someone sends an email using a forged sender address, this is known as email spoofing. Because email lacks built-in authentication, spammers, phishers, and attackers utilize spoofing to exploit the confidence that the faked domain holds and trick users into disclosing critical information. To safeguard a domain, you must take action and set up authentication …
