Small and medium businesses have it hard when it comes to cybersecurity posture. The cybersecurity gap hits them the hardest because most security experts would rather choose different work environments. Young security enthusiasts are in high demand. However, instead of SMBs, they usually prefer to…
Author Archives Tomasz Andrzej Nidecki
THE AUTHOR
Tomasz Andrzej Nidecki
Technical Content Writer
Technical Content Writer
How to Defend against Black Hat Hackers during the COVID-19 Pandemic
The SARS-CoV-2 coronavirus outbreak and the COVID-19 illness are instrumental for cybercriminals. Both businesses and private users are a major cyberattack target due to chaos and panic that surrounds the coronavirus pandemic. Here is what we believe that organizations should do to maintain a high…
What Are Insecure Direct Object References
Insecure direct object references (IDOR) are a cybersecurity issue that occurs when a web application developer uses an identifier for direct access to an internal implementation object but provides no additional access control and/or authorization checks. For example, an IDOR vulnerability would happen if the…
Red Teaming – 5 Tips How to Do It Safely
Red team vs blue team exercises are a very effective method to evaluate the security posture of your business. However, red teaming carries certain risks that must be taken into consideration, both for the red team and the target business. The world of IT security…
Session Hijacking and Other Session Attacks
Session IDs are a tasty treat for malicious hackers. Once an attacker gets their hands on a session ID, they can get unauthorized access to a web application and fully impersonate a valid user. In general, there are three primary methods to obtain a valid…
Secure Coding Practices – The Three Key Principles
All security vulnerabilities are the result of a human error. All web application security issues are introduced by developers. Therefore, the best approach to building secure software is to do all that is possible to avoid introducing such errors in the first place instead of…
7 Steps to Avoid Uncoordinated Vulnerability Disclosure
Imagine the following situation. You work as a security manager for a company that owns the website www.example.com. One day, your sales department receives an email from an unknown individual. The sales department forwards it to you. The email has the following content: You example.com/login.php…
What Are HTML Injections
HTML injections (HyperText Markup Language injections) are vulnerabilities that are very similar to Cross-site Scripting (XSS). The delivery mechanisms are exactly the same but the injected content is pure HTML tags, not a script like in the case of XSS. HTML injections are less dangerous…
XSS Filter Evasion Basics
The two primary methods of avoiding Cross-site Scripting (XSS) vulnerabilities are XSS filtering and XSS escaping. However, XSS filtering is not recommended because it can usually be evaded using clever tricks. Here are some of the methods that an attacker can employ in their malicious…
What Is Cookie Poisoning
The term cookie poisoning is used in different contexts to describe attacks that aim to manipulate, intercept, or forge the content of HTTP cookies. Cookie poisoning attacks are different types of attacks that can affect both the client-side application, data transmission, or the web server….