What is it IDOR: Insecure Direct Object Reference These types of vulnerabilities arise from acces control issues. We will devote another entire chapter to those types of vulnerabilities. The term IDOR was made popular in by appearing in the OWASP top 10 but in reality it’s simply another type of Broken Access Control…

The Open Web Application Security Project (OWASP) is a global community of security professionals who aim to improve the security of web applications and APIs. …

Below are examples in PHP and Node.js for each item on the OWASP Top 10 list. Note that these examples illustrate vulnerable code as well as secure alternatives for each risk. Broken Access Control PHP: Vulnerable: if ($_SESSION['user_role'] == 'admin') { deleteUser($_GET['user_id']); } Secure: if ($_SESSION['user_role'] == 'admin' && checkUserPermissions($user_id, 'delete_user')) { deleteUser($_GET['user_id']); }

Introduction As the world becomes increasingly reliant on mobile devices, the need for skilled ethical hackers to secure Android applications is more crucial than ever. To master ethical Android hacking, it’s essential to have a practical environment where you can experiment with real-world scenarios without causing any harm. …

Introduction: Certificate pinning is a security measure implemented in Android applications to prevent Man-in-the-Middle (MitM) attacks. While it enhances app security, it also poses challenges for ethical hackers trying to intercept and analyze encrypted network traffic. In this chapter, we’ll discuss certificate pinning, how to bypass it using Frida and Objection…

Introduction The OSCP (Offensive Security Certified Professional) certification is one of the most respected certifications in the cybersecurity industry. It requires extensive preparation and practice, particularly with the new exam requirements that include a 24-hour exam followed by a 24-hour report writing period. …

SUBJECT TO CHANGE It’s important to note that the OWASP API Top 10–2023 is currently in Release Candidate (RC) status, and is subject to change before its final release. The purpose of the RC is to gather feedback from the community and stakeholders, and to refine the final list of API security risks…

Introduction Obtaining a certificate in the field of cybersecurity or ethical hacking can be a valuable investment for career advancement, personal growth, and compliance requirements and add credibility to your skills and expertise. A certificate can demonstrate to potential employers that you have a specific skill set or knowledge base, helping…

Introduction Making a career transition from an IT job in programming to a pentesting job can seem like a daunting task. However, with the right steps and resources, it is possible to make this transition successfully. This article will provide a step-by-step guide on how to make the transition, including the…