OWASP ZAP Archives - Krishna Gupta

2024 CWE Top 25 Most Dangerous Software Weaknesses: Missing Authorisation (CWE-862)

14 March 2025 by Krishna

Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.

CWE-113: HTTP Response Splitting – A Comprehensive Guide for Penetration Testers

31 January 202531 January 2025 by Krishna

HTTP Response Splitting is a web application vulnerability that occurs when an attacker is able to manipulate HTTP headers to split the response sent to the client. This manipulation exploits the way headers are processed by web servers and browsers, allowing attackers to inject malicious content into the response stream. The result can be a range of attacks, from cross-site scripting (XSS) to cache poisoning and web cache poisoning, all of which can disrupt business operations, damage brand reputation, and compromise sensitive data.

Penetration Testing Oracle Autonomous Data Warehouse (ADW)

8 January 2025 by Krishna

Penetration testing is an essential security practice that helps organisations identify and address vulnerabilities in their systems. While Oracle Autonomous Data Warehouse (ADW) is designed with robust, built-in security measures, understanding how penetration testing applies to this environment is critical for ensuring that configurations and usage remain secure.