What is Password Reset Poisoning?

Most web application security vulnerabilities leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability; it leverages commonly overlooked headers, such as the Host header seen in an HTTP request:

GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1
Host: evilhost.com

Notice the difference where we specify the host […]

Better Web-Pentesting in Windows with AHK

Recently, I have moved to Malta. It’s quite hot here, but as I’m from a colder country, I like it very much. Actually, I’m obsessed with everything hot, including hotkeys! Every pentester / researcher / bugbounter / etc. has their own approach to doing things in their own work environment. So in this article I’m not […]

How to Recover from a Hacked Website Event

Any fellow webmaster you may ask who is beyond the novice stage will agree that one of their top priorities will always be keeping their websites secure. However, the number of exploits and tools available to hackers is so vast, and software technologies are evolving so rapidly, that it is very possible, maybe likely, that you […]

Multi-Cloud Design: The Priority Focus Should be on Application Security, Part 2

This is part 2 of a two-part series that discusses the risks involved for application security in the new multi-cloud environments. This part introduces the requirements for multi-cloud, the types of multi-clouds and the risks they bring to application security.

Requirements for multi-cloud

So why is there a need for true multi-cloud capacity? The upsurge […]
