Directory Traversal: Examples, Testing, and Prevention
What Is Directory Traversal? Directory traversal, or path traversal, is an HTTP exploit. It exploits a security misconfiguration on a web server, to access data
August 23, 2021
AppSec Blog
Application Security news, research, vulnerabilities, DevSecOps, CI/CD tooling, hacking and more
Command Injection: How it Works and 5 Ways to Protect Yourself
What is Command Injection? A command injection involves the exploitation of a vulnerable application for the purpose of executing arbitrary commands on its host operating
August 23, 2021
HTTP Request Smuggling: Complete Guide to Attack Types and Prevention
What Is HTTP Request Smuggling? The term HTTP request smuggling (HRS) refers to techniques that interfere with the way in which a website processes sequences
August 23, 2021
What is a Security Champion and Why You Need One
While a security culture for a successful DevOps and AppSec programme is important, to succeed, security needs to be top of mind for everyone across
August 16, 2021
Server Side Request Forgery (SSRF) Attacks & How to Prevent Them
Server-Side Request Forgery (SSRF) attacks allow an attacker to make requests to any domains through a vulnerable server. Attackers achieve this by making the server
August 6, 2021
Nexploit Product Update – July 2021
This blog post announces the July 2021 Update for Nexploit.We added some new features and product enhancements that will make your experience even better. New
August 2, 2021
Open Redirect Vulnerability: Impact, Severity, and Prevention
What is an Open Redirect Vulnerability? An Open Redirect Vulnerability entails an attacker manipulating the user and redirecting them from one site to another site
July 30, 2021
WebSocket Security: Top 8 Vulnerabilities and How to Solve Them
What is a WebSocket? WebSockets are becoming increasingly popular, because they greatly simplify the communication between a client and a server. The WebSocket protocol uses
July 30, 2021
XXE Attack: Real life attacks and code examples
What is an XXE Attack? XXE (XML External Entity Injection) is a web-based security vulnerability that enables an attacker to interfere with the processing of
July 26, 2021
SolarWinds Vulnerability: How to Protect Your Organization
The SolarWinds attack was one of the largest nation-state supply chain attacks we have seen to date. The attack originated from SolarWinds’ Orion network management
July 14, 2021
SQL Injection in PHP Web Applications
What is PHP SQL Injection? When an attacker exploits a PHP application via an SQL Injection, they can gain access to the application’s database and
July 13, 2021
API Security: The Complete Guide
What is API Security? An Application Programming Interface (API) allows software applications to interact with each other. It is a fundamental part of modern software
July 13, 2021
LFI Attack: Real Life Attacks and Attack Examples
What is an LFI Attack? Local File Inclusion attacks are used by attackers to trick a web application into running or exposing files on a
July 9, 2021
NexPloit Product Update – June 2021
This blog post announces the June 2021 Update for NexPloit.We added some new features and product enhancements that will make your experience even better. New
July 9, 2021
© 2021 NeuraLegion Inc. All Rights Reserved