OWASP Top 10 Archives - Krishna Gupta

Understanding the Vendor Site Compliance Certificate (VSCC) from SBI: A Comprehensive Guide for MSMEs

29 July 2025 by Krishna

In the world of modern business, compliance has become one of the most significant aspects of ensuring smooth operations and maintaining business integrity. For Micro, Small, and Medium Enterprises (MSMEs) in India, compliance with industry standards and regulatory frameworks is vital not only for operational success but also for securing partnerships and funding from major financial institutions. One of the most crucial certifications in this regard is the Vendor Site Compliance Certificate (VSCC) issued by the State Bank of India (SBI).
This comprehensive guide delves into what the VSCC is, why it is critical for MSMEs, how to obtain it, and the role it plays in enhancing your business’ credibility. With a focus on the practical aspects, this post will shed light on how the VSCC contributes to compliance, risk mitigation, and improving the business’s overall ROI.

LLM04: Data and Model Poisoning – A C-Suite Imperative for AI Risk Mitigation

16 June 2025 by Krishna

At its core, data poisoning involves the deliberate manipulation of datasets used during the pre-training, fine-tuning, or embedding stages of an LLM’s lifecycle. The objective is often to introduce backdoors, degrade model performance, or inject bias—toxic, unethical, or otherwise damaging behaviour—into outputs.

Security Misconfiguration: A Comprehensive Guide for Software Architects

4 April 2025 by Krishna

Security misconfiguration occurs when system security settings across application stacks—such as servers, databases, and networks—are inadequately implemented or left in their default states. These missteps expose critical vulnerabilities that attackers can exploit.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Server-Side Request Forgery (SSRF) CWE-918

24 March 2025 by Krishna

At its core, SSRF arises when an attacker can manipulate a server to send HTTP requests to arbitrary destinations, often bypassing firewalls, access controls, and other security measures. The vulnerability stems from improper validation of user-supplied URLs or inputs that dictate server-side request behaviour.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CWE-22

10 March 202510 March 2025 by Krishna

Path traversal, also known as directory traversal, is a vulnerability that allows an attacker to access files and directories stored outside the intended directory. By exploiting improper validation of user-supplied input, attackers can manipulate file paths to access sensitive system files, configuration files, or any other data stored on the server.