Published on: August 27, 2017 9:31 pm  |  Comments: one response  |  Tags: Authenticity, Confidentiality, Cryptography, Digital Certificates, Digital Signatures, Non-Repudiation, Public-Key

Assuming that you already have knowledge on overall cryptography systems & terminology (encrypt, decrypt, cipher, hash etc.). The intention of this post is just to clarify the main concepts of Public-Key Cryptography. Mainly this post describes the following concepts: Confidentiality, Authenticity, Non-Repudiation, Digital Signatures, Digital Certificates

Published on: September 20, 2016 3:11 am  |  Comments: none  |  Tags: antisamy, code, countermeasures, HTTP Headers, injection, ModSecurity, OWASP, Prepared Statements, prevention, sql, Web Application Frameworks, xss

Code Injection is the most common vulnerability in Applications. Here we will discuss the ways of how we can prevent that from happening. We will show different techniques and discuss and their advantages and disadvantages.

Published on: August 3, 2016 10:30 am  |  Comments: none  |  Tags: code, cross-site, Department of Defense, details, examples, injection, Pentagon, scripting, xss

Cross-Site Scripting represented with the acronym of XSS is a type of code injection and works by injection client-side (browser) code like HTML, CSS, and JavaScriptit in web apps. According to OWASP, XSS vulnerability is the most prevalent security flaw in web applications.

Published on: July 12, 2016 10:30 am  |  Comments: none  |  Tags: blind, compounded, dbms, details, example, examples, explained, injection, specific, sql

SQL Injection is a type of code injection attack that takes place in data-driven applications via SQL statements. This is a case when applications carelessly fully trust the user input. This post explain in details how this attack works and how to exploit it.

Published on: July 4, 2016 11:30 am  |  Comments: none  |  Tags: Application, OWASP, Project, Security, Top 10, Vulnerabilities, Web

This post describes the development of Web technologies by seeing it from the security perspectives. It shows organization incentives like OWASP and their projects like Top 10 Vulnerabilities.