Burp Suite Archives - Krishna Gupta

2024 CWE Top 25 Most Dangerous Software Weaknesses: Missing Authorisation (CWE-862)

14 March 2025 by Krishna

Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.

OWASP Top 10 for Mobile Apps: M6 – Insecure Authorisation

6 February 20256 February 2025 by Krishna

Insecure authorisation occurs when an application fails to properly enforce access control mechanisms, allowing unauthorised users or attackers to access resources, perform actions, or manipulate data without appropriate permissions. Unlike authentication, which verifies a user’s identity, authorisation determines what an authenticated user is allowed to do.

CWE-113: HTTP Response Splitting – A Comprehensive Guide for Penetration Testers

31 January 202531 January 2025 by Krishna

HTTP Response Splitting is a web application vulnerability that occurs when an attacker is able to manipulate HTTP headers to split the response sent to the client. This manipulation exploits the way headers are processed by web servers and browsers, allowing attackers to inject malicious content into the response stream. The result can be a range of attacks, from cross-site scripting (XSS) to cache poisoning and web cache poisoning, all of which can disrupt business operations, damage brand reputation, and compromise sensitive data.

Vertica: Unlocking the Potential of Big Data Analytics for C-Suite Executives

10 January 202510 January 2025 by Krishna

Vertica, a powerful, scalable analytical database, stands out as a leading solution for big data processing. Designed to handle complex queries across massive datasets, Vertica empowers businesses to derive actionable insights with unparalleled efficiency.

Penetration Testing Oracle Autonomous Data Warehouse (ADW)

8 January 2025 by Krishna

Penetration testing is an essential security practice that helps organisations identify and address vulnerabilities in their systems. While Oracle Autonomous Data Warehouse (ADW) is designed with robust, built-in security measures, understanding how penetration testing applies to this environment is critical for ensuring that configurations and usage remain secure.