Missing-Authorisation-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Missing Authorisation (CWE-862)

Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.

Insecure-Authorisation-KrishnaG-CEO

OWASP Top 10 for Mobile Apps: M6 – Insecure Authorisation

Insecure authorisation occurs when an application fails to properly enforce access control mechanisms, allowing unauthorised users or attackers to access resources, perform actions, or manipulate data without appropriate permissions. Unlike authentication, which verifies a user’s identity, authorisation determines what an authenticated user is allowed to do.

HTTP-Response-Split-KrishnaG-CEO

CWE-113: HTTP Response Splitting – A Comprehensive Guide for Penetration Testers

HTTP Response Splitting is a web application vulnerability that occurs when an attacker is able to manipulate HTTP headers to split the response sent to the client. This manipulation exploits the way headers are processed by web servers and browsers, allowing attackers to inject malicious content into the response stream. The result can be a range of attacks, from cross-site scripting (XSS) to cache poisoning and web cache poisoning, all of which can disrupt business operations, damage brand reputation, and compromise sensitive data.

PenTesting-Vertica-KrishnaG-CEO

Vertica: Unlocking the Potential of Big Data Analytics for C-Suite Executives

Vertica, a powerful, scalable analytical database, stands out as a leading solution for big data processing. Designed to handle complex queries across massive datasets, Vertica empowers businesses to derive actionable insights with unparalleled efficiency.

PenTest-Oracle-ADW-KrishnaG-CEO

Penetration Testing Oracle Autonomous Data Warehouse (ADW)

Penetration testing is an essential security practice that helps organisations identify and address vulnerabilities in their systems. While Oracle Autonomous Data Warehouse (ADW) is designed with robust, built-in security measures, understanding how penetration testing applies to this environment is critical for ensuring that configurations and usage remain secure.