WAF Archives - Krishna Gupta

Content Security Policy (CSP) Bypass: Safeguarding Business Assets from Exploitation

11 November 202411 November 2024 by

A Content Security Policy is akin to a ‘content filter’ for websites, allowing only specified, trusted sources to load and execute content. By defining a set of rules that control the origins from which resources can be loaded, CSP prevents attackers from injecting or executing harmful code within a web page. Without strict CSP enforcement, attackers can exploit vulnerabilities to exfiltrate sensitive data, capture keystrokes, or redirect users to phishing sites.

Form jacking: The Silent Threat to MSMEs

19 August 2024 by

Formjacking is a sophisticated cybercrime where malicious code is injected into e-commerce websites to rob payment card details. Attackers target online forms, such as checkout pages, to capture sensitive information as customers enter. Once compromised, this data is transmitted to the attacker, leaving businesses and customers vulnerable to financial loss and reputational damage.

Penetration Testing Your Firewall: Uncovering Hidden Vulnerabilities for Maximum ROI

4 June 2024 by

Penetration testing your firewall is not a one-time fix. Continuous PT is essential for maintaining a resilient security posture.

The Relentless Drip: Why You Need to Shore Up Your Defences Against NXDOMAIN Attacks

19 April 2024 by

An NXDOMAIN attack, also known as a DNS Water Torture attack, is a type of Distributed Denial-of-Service (DDoS) attack that targets the Domain Name System (DNS).