Posts

Showing posts from May, 2020

Phishing: A sweet poison!

Image
Phishing  is a fradulent attempt to obtain sensitive information such as passwords, usernames, credit card details by disguising oneself as a trustworthy entity in an electronic communication. This is how Phishing is defined.Got It? No. That's ok. You will get it by the end of this blog. Hackers are creative and they should be!  One such famous hacking technique or a way to gain information of target user is is called Phishing. Phising is method to gather personal information using mainly deceptive emails and websites. The goal is to make the target believe that the message,mail or website is something important for him for example a bank request,donation and to force him to click the link. It is one of the oldest type of cyberattacks dating back to 1990's and still one of the most popular attack between hackers. How Phishing got its name? Yes you guessed it right. Phishing is similar to word Fishing. The letter "f" is replaced by "p". As in fishing, the fis...

OWASP Top 10 vulnerabilities

Image
What is OWASP? OWASP which stands for Open Web Application Security Project is an international non-profit organization dedicated to web application security.  It produces various articles, methodologies, tools and technologies in the field of web application security. It was established in 2001 with the goal to protect web applications from cyber attacks. What is OWASP Top 10?    OWASP Top 10 prioritizes most common web securities risks affecting the web applications. The point to consider here is that there are more than 10 security but only top 10 are included. There are four criterias used for making this list. They are Ease of exploitability Prevalence Detectibility Business Impact The list was firstly published in the year 2003. Then updated in the year 2004,2007,2010,2013 and 2017. Top 10 Vulnerabilities 1.Injection An Injection vulnerability allows attackers to send unfriendly,hostile data to an interpreter causing the data to be compiled and executed on the serve...