web application security Archives

New Tech Programming Languages of 2025: Strategic Insights for Software Developers and C-Suite Executives

18 April 2025 by Krishna

New Tech Programming Languages of 2025: Strategic Insights for Software Developers and C-Suite Executives Introduction The software development landscape is evolving at an unprecedented pace, with 2025 witnessing the emergence of several innovative programming languages. These languages are not only reshaping how software is built but are also influencing critical business decisions, especially at the …

Continue

2024 CWE Top 25 Most Dangerous Software Weaknesses: Server-Side Request Forgery (SSRF) CWE-918

24 March 2025 by Krishna

At its core, SSRF arises when an attacker can manipulate a server to send HTTP requests to arbitrary destinations, often bypassing firewalls, access controls, and other security measures. The vulnerability stems from improper validation of user-supplied URLs or inputs that dictate server-side request behaviour.

Deserialisation-of-Untrusted-Data-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Deserialisation of Untrusted Data (CWE-502)

21 March 202521 March 2025 by Krishna

Deserialisation refers to the process of converting serialised data (a compact format of an object or data structure) back into its original form. While this operation is indispensable in modern software, it becomes a vulnerability when the deserialised data originates from an untrusted source.
When untrusted data is deserialised without validation, attackers can exploit the process to execute arbitrary code, manipulate application logic, or inject malicious payloads. CWE-502 encapsulates this weakness, highlighting its potential to compromise data integrity, confidentiality, and availability.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Missing Authorisation (CWE-862)

14 March 2025 by Krishna

Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CWE-22

10 March 202510 March 2025 by Krishna

Path traversal, also known as directory traversal, is a vulnerability that allows an attacker to access files and directories stored outside the intended directory. By exploiting improper validation of user-supplied input, attackers can manipulate file paths to access sensitive system files, configuration files, or any other data stored on the server.