Access control

Correct-Auth-KrishnaG-CEO

Ensuring Trust Through Correct Authorisation: A Comprehensive Examination of CWE-863

by

CWE-863: Incorrect Authorisation occurs when an application fails to enforce correct authorisation measures, allowing unauthorised users or processes to access resources, perform operations, or retrieve data that should be off-limits. It is sometimes conflated with authentication flaws, but the essence of CWE-863 lies in improper or missing checks that would otherwise confirm if a user has the necessary permissions to perform a specific action.
From a technical standpoint, one might imagine an application employing robust identity verification (authentication) only to overlook critical checks about what a user is allowed to do once logged in (authorisation). This oversight can be the gateway to data leaks, privilege escalation, or even sabotage of core business processes.

SSRF-Vulnerabilities-KrishnaG-CEO

OWASP Top 10 API Security Risks – 2023: API7:2023 – Server-Side Request Forgery (SSRF)

by

SSRF vulnerabilities occur when an API fetches a remote resource using a user-supplied Uniform Resource Identifier (URI) without adequate validation. This oversight allows attackers to manipulate the request, coercing the server to interact with unintended destinations. These attacks bypass traditional network controls like firewalls and VPNs, making them particularly insidious.

LDAP-Injection-KrishnaG-CEO

Comprehensive Guide to LDAP Injection: SANS Top 25 CWE-90

by

LDAP Injection attacks are a severe and growing threat, with the potential to compromise sensitive data, escalate privileges, and disrupt business operations. Real-world incidents have demonstrated the wide-ranging consequences of such vulnerabilities, including financial losses, reputational damage, and regulatory repercussions.

By understanding the risks associated with LDAP Injection and adopting best practices for mitigation, organisations can protect themselves from these types of attacks. Regular security assessments, input validation, and the use of secure coding practices are essential for preventing LDAP Injection vulnerabilities and safeguarding against the potentially devastating impacts of these attacks.

LDAP Injection is a critical vulnerability that can have devastating consequences for an organisation, ranging from unauthorised data access to privilege escalation. By understanding how LDAP Injection works, the risks it presents, and the steps that can be taken to identify and mitigate it, penetration testers can play a pivotal role in strengthening the security posture of an organisation.

Broken-Access-Control-KrishnaG-CEO

Broken Access Control: A Silent Threat to Your Business

by

Access control is the process of defining who can access what resources and under what conditions. When these controls are not properly implemented or enforced, it leads to Broken Access Control. This vulnerability allows unauthorised individuals to access sensitive data, modify critical systems, or even take complete control of the infrastructure.

Siri-Vuln-KrishnaG-CEO

Siri Bug: A Chasm in Apple’s Security Wall

by

The Siri bug, a security loophole, allowed malicious actors to bypass device security measures and access sensitive information stored on locked iPhones, iPads, and other Apple devices. This was achieved through voice commands directed at Siri, circumventing the need for a passcode or biometric authentication.