My place on the web

SQL injection attacks involve inserting or "injecting" SQL queries through client input to the application. A successful attack of this type can be used to read sensitive information from the database and modify or delete it. In the most extreme cases, it allows you to issue system commands. The following… Continue reading →

XSS is an attack that allows you to inject and execute malicious HTML or JavaScript. This can be used to steal critical data (for example, session data) from cookies. As the code is executed in the context of a vulnerable application, this allows you to perform other attacks such as… Continue reading →

A cross site request forgery (CSRF) attack exploits the generally accepted logic of web browsers for managing a user session in open pages. The standard is that a user can only have one active session in the web application they are currently using. Any newly opened tab in your browser… Continue reading →

Pathtraversal vulnerability ised to see if a web application allows unauthorized access to files or directories that should be denied access. This type of attack uses parameters passed to the application that show the paths to the resources on which specific operations are performed, such as reading, writing, or displaying… Continue reading →

"mic006" discount code ntfy nice to fit you ntfy.pl 5% for every order The discount code allows you to reduce the price of the entire order by 5%. Enter it when placing a new order in the "Discount code:" mic006 field, and then confirm by clicking the "Activate" button The… Continue reading →

The session management process covers a wide range of user controls from authentication to leaving the application. HTTP is a stateless protocol, which means that web servers respond to client requests without establishing a continuous connection to it. Therefore, even a simple application requires the user to send multiple requests… Continue reading →

The process of completing a session is mainly to check that the user of the application cannot be reused after the application user logs off. You should also check how the application manages the data stored in memory. To minimize the amount of time an attacker can attack an active… Continue reading →

Application password change and reset is a self-service mechanism for changing or resetting a password for users without administrator intervention. If it is weak, it allows an attacker to change any user's password and thus hijack their account. You must protect the password reset mechanism from unauthorized changes, e.g. by… Continue reading →

Attempts to bypass the authenticity mechanism are intended to verify that it is possible to access resources not intended for the user in an unauthorized manner. You can use Burp Suite to test these types of errors,and the tests themselves should include checking the following: attempt to bypass the authentication… Continue reading →

Most web application users do not follow the recommendations for using difficult, non-dictionary access data. They often base their passwords on words and phrases they easily won't forget. These words are children's names, street addresses, favorite football team, place of birth, etc.User accounts – Especially administrative accounts should be protected… Continue reading →