security testing

Missing-Authorisation-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Missing Authorisation (CWE-862)

by

Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.

Secure-GenAI-KrishnaG-CEO

GenAI: Security Teams Demand Expertise-Driven Solutions

by

Generative AI (GenAI) refers to a subset of artificial intelligence technologies designed to create new content, such as text, images, videos, and even code, based on patterns and data fed into it. Unlike traditional AI systems that rely on predefined algorithms and data sets, GenAI models learn from vast amounts of data and can generate original outputs that resemble human-created content. These outputs can range from realistic-looking deepfakes to sophisticated malware and phishing schemes, making GenAI a powerful tool for both cyber defenders and attackers.

In the context of cybersecurity, GenAI’s potential is vast. It can be utilised for automating threat detection, creating advanced defence mechanisms, and developing incident response strategies. However, the same capabilities that make GenAI a valuable asset to security teams also make it an attractive tool for cybercriminals, who can use it to create new, more complex forms of cyber attacks.

PenTest-OpenWRT-KrishnaG-CEO

Penetration Testing OpenWRT: A Comprehensive Guide for Penetration Testers and Network Architects

by

OpenWRT, while highly customisable, is not immune to the common security flaws that affect embedded devices. These can range from default configurations to poorly secured web interfaces

Client-Code-Quality-KrishnaG-CEO

OWASP Top 10 for Mobile Apps: M7 – Client Code Quality

by

Client code quality refers to the soundness, reliability, and maintainability of the code executed on mobile devices. The “M7” designation in the OWASP Top 10 highlights vulnerabilities resulting from poorly written client-side code. These vulnerabilities can stem from inadequate input validation, insecure coding practices, or the use of deprecated libraries.

JSON-Injection-KrishnaG-CEO

In-Depth Analysis of SANS Top 25 CWE-94: JSON Injection and Its Implications for Penetration Testers

by

**JSON Injection** is a form of **injection vulnerability** that occurs when an application improperly handles user input within a JSON object. JSON (JavaScript Object Notation) is widely used for data exchange between web clients and servers. When applications fail to validate or sanitize user input before incorporating it into a JSON object, attackers can inject malicious data, manipulating the application’s behaviour.

JSON Injection primarily targets the integrity of the data being exchanged, potentially altering application logic, bypassing authentication, or even leading to more severe attacks like remote code execution. It is particularly dangerous in systems that use JSON for configuration files, user inputs, or data transfer, which is the case in many modern web applications.