Web applications are often the first target for attackers due to the vast amount of sensitive information they contain. Ensuring the security of these applications is crucial to protect both users and businesses from potential cyber threats. One of the most effective ways to identify vulnerabilities in web applications is through web application penetration testing. […]
Stored Cross-Site Scripting (XSS) are relatively common and dangerous vulnerabilities that can compromise your web application’s security. In this article, we will discuss what stored XSS attacks are, their impact on website security, and stored XSS protection in web applications with examples of stored XSS vulnerability we found in MISP. In this article you will […]
In this article, we are going to explore the topic of PHAR deserialization php vulnerability that Dawid found in a white box testing. Before we continue, let’s talk about PHAR a little bit and after that what is the PHAR deserialization php vulnerability. In this article you will find: What is PHAR? PHP Archive (in […]
In this article As someone who tests web application security cautiously, Dawid discovered a vulnerability in MISP, a popular open-source platform for sharing and analyzing threat information. This vulnerability allows an attacker to bypass password confirmation and change sensitive information without proper authorization. In this article, I’ll explain the technical details of this PHP vulnerability […]
Improve your web application scanner by understanding the attack surface Understanding the attack surface of the web application is a very important step while conducting cybersecurity research or penetration testing. Even if you are running a web application scanner as part of DAST activities, knowing the attack surface will help you cover more functionality of […]