Posts

Broken authentication and Session management

Authentication is the process of verifying who you are. It is a security procedure that ensures and verifies the identity of the user.

What is a Session? A session is the server-side storage of user information that maintains the user's interaction with the web site. Servers typically generate a unique token for each connection, known as the session ID. The session ID should be stored on the server side and not on the client side.

Broken authentication: Authentication is "broken" when the application allows an attacker to identify or bypass the authentication mechanism. Broken Authentication is one of the OWASP Top 10 vulnerabilities. It is caused by poorly implemented authentication and session management mechanisms, and it allows an attacker to compromise passwords, keys or session IDs, or to exploit other implementation flaws to take over a victim's account. Common risk factors include: Default account, Inadequate password policy, User Enumeration, Missing Accoun

Guide to CSRF

What is CSRF? Let's unpack!

CSRF (Cross-Site Request Forgery) is a web security vulnerability that allows an attacker to induce victims to perform actions that they do not intend to perform. The victim can be forced to execute those actions through any method that gets them to load a resource automatically, e.g. an img tag, a script tag, an onload form submit, etc. This happens unknowingly because the actions are performed by the victim's browser, not by the victim explicitly.

Synonyms: Session Riding, One-click attack, XSRF, Sea Surf, Hostile Linking.

To perform a CSRF attack, the attacker/malicious user must determine the right value of every form field and URL input. It works by exploiting the trust that a web site has in its user.

Pre-requisite: In order to exploit a CSRF vulnerability, the user must be logged in to the target application, i.e. the user's session must be active.

Impact: The impact of this attack depends on the application's functionality and t

Ultimate XSS tutorial

Today, in this article, we will see one of the most common web application vulnerabilities, that is, Cross-Site Scripting, aka XSS.

Career in Cyber Security :)

In today's world, cyber security is one of the most fascinating job fields. Be it a fresher or an experienced IT professional, it attracts everyone. When it comes to career, cyber security has unlimited career options, and with unlimited career options comes some sort of confusion. It is not always easy to find the right career path in cyber security. Also, a cyber security professional's responsibilities may vary, but the role can be simplified into one function: "Protect a company's data from being compromised by an attack".

This post will help all those people who want to make a career in the cyber security field. Here we will discuss all major pathways in cyber security. So let's start:

1) VAPT (Vulnerability Assessment & Penetration Testing): It is an attempt to evaluate the security of an IT infrastructure by checking for and exploiting vulnerabilities. It helps the organization to protect itself by providing a c