This category includes related to Security Engineering
Security Engineers & leaders consider vulnerability assessments with OWASP risk metrics proactively for several reasons. This approach provides a structured and quantifiable method to identify,… Read More »Blending Vulnerability Assessments with OWASP Risk Metrics ✳️
Alright, fellow pentesters, let’s dive into why AI hacking should be on our radar. While most companies might not have fully integrated AI into their… Read More »AI Hacking – Friendly Guide for Pentesters
Greetings, cybersecurity enthusiasts! With over 4 years entrenched in the fintech sector, I’ve had the privilege to test the digital fortresses of some of the… Read More »Pentesting the Financial Vault: My Journey hacking into Top Fintechs
Hey there, fellow tech enthusiasts! 🌟 We live in an era where security reigns supreme, especially in the realm of software and technology products. Think… Read More »Demystifying Product Security vs Application Security
Hey there, fellow security enthusiasts! Today, I’m thrilled to take you on a journey behind the scenes of Patecatl, our remarkable vulnerability management solution. Although… Read More »An Automated Cost Effective Vulnerability Management Workflow
Introduction: The increasing frequency and severity of cyber attacks have made application security (appsec) a top priority for businesses worldwide. Appsec pipelines, which are automated… Read More »Fortify Your Code:A Robust AppSec Pipeline for Every Organisation
Gitleaks is a tool for finding sensitive information accidentally committed to a git repository. To set it up, you will need to install it on… Read More »Easy Deploy GitLeaks
Node JS Security Tips 1. Overview These are generally applied to all the frameworks. Summarizing posts from different references. Security HTTP Headers – Strict-Transport-Security enforces secure… Read More »Node JS Security Tips
Container Security Part 3 From the last 2 parts we have understood the Attack Surface of a docker, How we can exploit a docker with… Read More »How to level up your Container Security Journey? Part 3
A significant amount of risks with it when not properly used users who are part of the docker group can elevate their privileges to root.… Read More »How to level up your Container Security Journey? Part 2
Part 1 But why Containers? We use docker for its easy use, portability, and scalability in a very efficient way. I believe it’s a big… Read More »How to level up your Container Security Journey? Part 1
Memory management is the process of usage of memory from our machine by the application and release the memory when in no use. Memory leaks… Read More »Exploiting & Troubleshooting Memory Leaks – 1
Financial Technology, also known as Fintech, which involves finance and the use of technology to ease & automate the process of Global market payment systems.… Read More »Importance of Cyber Security in India’s fintech sector
In this post I wanted to portray that Privacy doesn’t exist, Freedom of speech doesn’t exist. How TOR breaches your privacy including attackers and other… Read More »The art of attacking TOR (Independence Day post)
In this post I have shared how I use bypassing logics to convert SSRFs into RCEs and some other critical information disclosures which pays some… Read More »Bypassing SSRFs like a King
During this quarantine, I see a lot of people are using the zoom app from business meetings to connecting with your loved ones. Even Boris… Read More »Zoom is still vulnerable even after the latest patch? RCE in zoom video conferencing app
BugBounty is a crowdsourcing cybersecurity solution. Organizations like Pentagon, Google, Yahoo, Microsoft, Pornhub, Netflix, MIT, etc many other organizations from small to big paying huge to hackers for finding security issues.… Read More »10 Amazing Bug-Hunting Tools You can’t Live Without