Author: Lipson Thomas Philip

With the ever-evolving landscape of cybersecurity, penetration testers and security researchers need effective tools to help them identify possible vulnerabilities in web applications. Cariddi is one tool that helps simplify the process of finding endpoints from JavaScript files and other sources. This article explores Cariddi’s features, installation, usage, and benefits, making it an essential resource for cybersecurity professionals. What is Cariddi? Cariddi is an open-source endpoint finder tool that assists security professionals in extracting sensitive endpoints from web applications. It is an excellent tool for reconnaissance and vulnerability assessment since it is very good at parsing HTML, evaluating JavaScript files,…

Finding subdomains connected to a primary domain is known as subdomain enumeration, and it is an essential cybersecurity procedure. Since subdomains frequently include forgotten or less secure assets that attackers might exploit, it is a crucial component of reconnaissance in penetration testing and ethical hacking. Organizations use subdomains to build and deploy many services, apps, or environments, including production, staging, and development. Attackers may use these subdomains as entry points if they are poorly defended. This tutorial will guide you through various subdomain enumeration methods, resources, and best practices. Understanding Subdomains A subdomain is a subset of a primary domain…

In a time when almost every aspect of our lives is connected to the internet, protecting personal data is more critical than ever. Our data is continuously collected and stored whether we use social media, make purchases online, or use smart devices at home. However, this convenience increases the risk of cyber threats like identity theft and unauthorized access to our personal data. Everyone should understand cybersecurity; it’s not just for technical experts. This essay examines the foundations of cybersecurity, how your data is at risk, and doable solutions to safeguard your personal data in the current digital landscape. What…

Cyberattacks happen every 39 seconds, making website security more critical than ever1. But how do cybersecurity professionals test for website vulnerabilities? Experts identify and fix security flaws through penetration testing, vulnerability scanning, and ethical hacking to prevent breaches. Cyber threats are everywhere, so how can we keep our websites secure? Let’s explore the fundamental techniques that make all the difference to mitigate website vulnerabilities. Reconnaissance Before testing for website vulnerabilities, cybersecurity experts conduct reconnaissance to collect as much information as possible about the target website. It is also known as information gathering (to gather information). This includes: Passive Reconnaissance Direct…

SQL injection attacks are common vulnerabilities in web-based applications. For years, they have been included in OWASP’s Top 10 web application list. SQLi can allow a denial of service (DoS) attack. Below is an example of how the data looks in a table in SQL. Through this attack, an attacker can unethically retrieve data from the website. The data could be information about customers (username, password, e-mail address) or personal details (phone number, date of birth). An attacker can often update, delete, or download the data. The attacker can sell the data in the dark/deep web or blackmail the company…

In today’s digital world, security is a top priority for organizations and people. With a rising reliance on web applications and online services, ensuring the platform’s security is vital. One of the most common security vulnerabilities developers and security experts should know is Insecure Direct Object Reference (IDOR). This article digs further into IDOR, examining its implications, causes, and mitigation strategies. What is IDOR? Insecure Direct Object Reference is not just an access control vulnerability, it’s a serious threat. It allows unauthorized access to objects directly through user-supplied input in an application, bypassing proper authorization checks. In simpler terms, an…

Introduction DNS is an essential element of the Internet’s infrastructure. It translates the IP address into human-readable domain names, allowing users to access websites or other online services. If there is no DNS, the users must remember the IP address to access the website, which is impossible. For example, the IP address for google.com is 172.253.116.190; here, google.com is easier to remember than 172.253.116.190. What is the Domain Name System? DNS stands for Domain Name System. It is a decentralized and hierarchical naming system that connects/translates domain names to IP addresses. A domain name is associated with one or more IP addresses.…

Visual Studio Code (VS Code) is an open-source, free code editor developed by Microsoft. It is available cross-platform such as Linux, Mac and Windows. It supports many programming languages and frameworks such as C/C++, Django, Java, JavaScript, PHP, Python, Typescript, etc. Furthermore, it is a useful tool that facilitates task execution, version control, and code debugging. It differs from other code editors with a variety of capabilities, including refactoring, syntax highlighting, automated code completion, snippets, and many more. VS Code supports many plugins which are used to create programs in different programming languages and frameworks. This code editor is very…

What is SQL Injection? SQL injection is a database vulnerability in which a hacker manipulates the SQL database of the website by injecting or entering malicious SQL queries into the user input field, such as the address bar or search bar. This attack is only effective on websites using SQL databases. SQL (Structured Query Language) database is a programming language for storing and processing data with the associated website or web application. How does SQL Injection Work? When a user submits information to a web application, it is frequently saved in a database. The web application then queries the database…

The term “URL” is an abbreviation for “Uniform Resource Locator,” which refers to a standardized address used to locate and access resources on the internet. The three words in the URL have unique meanings: A URL is a core concept in web technology that functions as a unique address or identifier for internet sites. It is the web address that you type in the address bar of your web browser to access a website or obtain specific information. An organization known as the Internet Engineering Task Force (IETF) is in charge of regulating the Internet. This organization is responsible for…