What is access control? Access control is a security technique used to regulate who (or what) can perform attempted actions or access resources in a computing environment. In the context of web application security, it determines whether the user is allowed to carry out the action they are attempting to perform. Synonym: Authorization. Basically, access control enforces a policy under which users cannot act outside their intended permissions. It relies on authentication and session management. Broken Access Control: Access controls are designed to regulate user privileges. Failures typically cause unauthorized information disclosure, modification or destruction of all data, or the performing of a business function outside the user's privilege, known as "Broken Access Control" or "Privilege Escalation". Broken Access Control ranks 5th in the 2020 OWASP Top 10. Broken access control can usually be encountered in any application and these ...
Broken authentication and Session management
Authentication is the process of verifying who you are. It is a security procedure that ensures and verifies the identity of the user. What is a Session? A session is the server-side storage of user information used to maintain the user's interaction with the web site. Servers typically generate a unique token for each connection, known as the session ID. The session ID should be stored on the server side and not on the client side. Broken authentication: Authentication is "broken" when the application allows an attacker to identify or bypass the authentication mechanism. Broken Authentication is one of the OWASP Top 10 vulnerabilities. Broken authentication is caused by poorly implemented authentication and session management mechanisms. It allows an attacker to compromise passwords, keys or session IDs, or to exploit other implementation flaws to take over a victim's account. Common risk factors include: Default accounts; Inadequate password policy; User En...
Guide to CSRF
What is CSRF? Let's unpack! CSRF (Cross-Site Request Forgery) is a web security vulnerability that allows an attacker to induce victims to perform actions that they don't intend to perform. The victim can be forced to execute those actions through any method that gets them to load a resource automatically, e.g. an img tag, a script tag, an onload form submit, etc. This happens unknowingly because the actions are performed by the victim's browser, not by the victim explicitly. Synonyms: Session Riding, One-click attack, XSRF, Sea Surf, Hostile Linking. To perform a CSRF attack, the attacker/malicious user must determine the right value of all the form fields and URL inputs. It works by exploiting the trust that a web site has in its user. Prerequisite: In order to exploit a CSRF vulnerability, the user should be logged into the target application, i.e. the user's session should be active. Impact: The impact of this attack depends on the appl...
Career in Cyber Security :) In today's world, cyber security is one of the most fascinating job fields. Be it a fresher or an experienced IT professional, it attracts everyone. When it comes to careers, cyber security has unlimited options, and with unlimited options comes some confusion. It's not always easy to find the right career path in cyber security. Also, a cyber security professional's responsibilities may vary, but the role can be simplified into one function: "Protect a company's data from being compromised by an attack". This post will help all those people who want to make a career in the cyber security field. Here we will discuss all major pathways in cyber security. So let's start: 1) VAPT (Vulnerability Assessment & Penetration Testing): It is an attempt to evaluate the security of an IT infrastructure by checking for and exploiting vulnerabilities. It helps the organization to protect itself by p...