Price Manipulation is a test case for Price Tampering. Generally, in price tampering, penetration testers change the amount value of the product (e.g., shoes, T-shirt, flight ticket, etc.) from Rs.XXXX (or $XXXX) to Rs.1 (or $1).
Hi Infosec guys!!!! Hope you are doing well. If you are here, then you are interested in learning more and more. This finding is not unique for some 1337 infosec guys, but most of the guys do not test this case.
Hi folks, I tested an application that was too vulnerable. So, I thought about writing account takeover test cases. I will not disclose the name of the company. In this writeup, I will use “company” as the company name.
I was doing freelancing for a company. In that company, they have a private dashboard for their employees, from which employees can modify their personal details. Managers, HR and Chief & Officers roles can see the personal details of any employee and communicate with them, but no other employees can see other employees’ personal details.
Here, you learn about GraphQL misconfigurations. I mentioned some attacks and practice labs for GraphQL misconfigurations.
Here we discuss vulnerability assessment and penetration testing, and reporting tools. A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a target.
In this write-up, you will get to know about #CTF, Challenges, Tools for solving the #CTF challenges, Practice Platforms, Resources and YouTube Channels for #CTFs. What is #CTF?
First, you have to know how applications work and communicate, and have a basic idea of networking and the internet. You should learn some programming languages and scripting languages such as HTML, CSS, JS, PHP, Bash, Python, Java, etc.,
Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.
Most corporates do not focus on their internal security. They think that they are secure because their internal assets are accessible internally. But red team members know very well how an attacker can exploit internal infrastructure. Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most of the organisations which have implemented VoIP are either unaware of or ignore the security issues with VoIP and its implementation. Like every other network, a VoIP network is also susceptible to abuse.