In today’s digital world, security is a top priority for organizations and people. With a rising reliance on web applications and online services, ensuring the platform’s security is vital. One of the most common security vulnerabilities that developers and security experts should know is Insecure Direct Object Reference (IDOR). This article digs further into IDOR, examining its implications, causes, and mitigation strategies. What is IDOR? Insecure Direct Object Reference is not just an access control vulnerability; it’s a serious threat. It allows unauthorized access to objects directly through user-supplied input in an application, bypassing proper authorization checks. In simpler terms, an…
Author: Lipson Thomas Philip
Introduction DNS is an essential element of the Internet’s infrastructure. It translates the IP address into human-readable domain names, allowing users to access websites or other online services. Without DNS, users would have to remember the IP address to access a website, which is impossible. For example, the IP address for google.com is 172.253.116.190; here, google.com is easier to remember than 172.253.116.190. What is the Domain Name System? DNS stands for Domain Name System. It is a decentralized and hierarchical naming system that connects/translates domain names to IP addresses. A domain name is associated with one or more IP addresses.…
Visual Studio Code (VS Code) is an open-source, free code editor developed by Microsoft. It is available cross-platform, on Linux, Mac and Windows. It supports many programming languages and frameworks such as C/C++, Django, Java, JavaScript, PHP, Python, TypeScript, etc. Furthermore, it is a useful tool that facilitates task execution, version control, and code debugging. It differs from other code editors in its variety of capabilities, including refactoring, syntax highlighting, automated code completion, snippets, and many more. VS Code supports many plugins which are used to create programs in different programming languages and frameworks. This code editor is very…
What is SQL Injection? SQL injection is a database vulnerability in which a hacker manipulates the SQL database of the website by injecting or entering malicious SQL queries into the user input field, such as the address bar or search bar. This attack is only effective on websites using SQL databases. SQL (Structured Query Language) is a programming language for storing and processing the data associated with the website or web application. How does SQL Injection Work? When a user submits information to a web application, it is frequently saved in a database. The web application then queries the database…
The term “URL” is an abbreviation for “Uniform Resource Locator,” which refers to a standardized address used to locate and access resources on the internet. The three words in the URL have unique meanings: A URL is a core concept in web technology that functions as a unique address or identifier for internet sites. It is the web address that you type in the address bar of your web browser to access a website or obtain specific information. An organization known as the Internet Engineering Task Force (IETF) is in charge of regulating the Internet. This organization is responsible for…
Introduction To Go (Golang) Programming Language Go, also known as Golang, was created and developed by Robert Griesemer, Rob Pike, and Ken Thompson at Google in the year 2007. The Golang programming language was developed to meet the needs of modern software development, especially in the fields of concurrency and scalability. Concurrency was a major problem in software development at the time Golang was developed due to the emergence of multi-core computers and cloud computing. Several of the then-current programming languages, like C++ and Java, had concurrency and scalability restrictions, which made it difficult for developers to write code that could…
Naabu is a fast port scanner written in the Go programming language. It focuses on reliability and simplicity. This tool is created and managed by Project Discovery. It is a very straightforward program that quickly checks the host or list of hosts using SYN/CONNECT and reports all ports that respond. Because of its speed, it saves users a lot of time. Features Of Naabu Tool Use Cases for Naabu Tool Many network reconnaissance and vulnerability analysis activities may be performed with Naabu. Typical usage scenarios include: How to install Naabu? The prerequisites for the Naabu tool are:…
Brave browser is a multi-platform web browser developed and managed by Brave Software. This browser is similar to other web browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, and others, but Brave offers additional features that make it stand out from the others. Brave appears to be the perfect browser option for Linux users because of its innovative software design, privacy-focused concept, and fast and easy performance. Features Of Brave Browser Install Brave Browser In Kali Linux Installing Brave browser is very easy, and updating is easier. The steps are the same for Parrot Security OS or any other Debian…
Introduction H8Mail is a free OSINT (Open Source Intelligence) tool used to find out whether an email address has been breached. This tool is used while doing a pentest on a company to find information about the company and its employees, such as whether an employee is using an official email for personal use on an insecure or breached website. Features APIs used in H8mail
Other websites used by H8Mail, with descriptions:
HaveIBeenPwned (v3): List of email breaches.
HaveIBeenPwned Pastes (v3): Text file containing all the target URLs.
Hunter.io – Public: Number of related emails to the target.
Hunter.io – Service (free tier): Chasing and related emails in cleartext.
Snusbase – Service: Hashes and salts, usernames,…