My Blogs & Other Resources

Unique Case for Price Manipulation | BugBounty | VAPT

Jul. 18, 2020 Harshit Sengar

Price manipulation is a test case for price tampering. Generally, penetration testers change the price of a product (e.g., shoes, a T-shirt, a flight ticket) from Rs. XXXX (or $XXXX) to Rs. 1 (or $1) when testing for price tampering.

How to add an unlimited amount of cash to an e-commerce application's wallet from just 1 INR.

Jul. 12, 2020 Harshit Sengar

Hi infosec guys!!!! Hope you are doing well. If you are here, then you are interested in learning more and more. This finding will not be new to some 1337 infosec guys, but most testers do not test this case.

Multiple flaws lead to Account Takeover within an Application

May 19, 2020 Harshit Sengar

Hi folks, I tested an application that was very vulnerable, so I thought of writing up account takeover test cases. I will not disclose the name of the company; in this write-up, I will use “company” as the company name.

Blind IDOR allows changing the personal details of the company’s employees.

Mar. 27, 2020 Harshit Sengar

I was doing freelance work for a company. The company has a private dashboard for its employees, from which an employee can modify his or her personal details. Users with the Manager, HR and Chief & Officer roles can see the personal details of any employee and communicate with them, but no other employee can see another employee’s personal details.

GraphQL Misconfigurations Presentation

Aug. 2, 2020 Harshit Sengar

Here, you learn about GraphQL misconfigurations. I cover some attacks and practice labs for GraphQL misconfigurations.

Beginner Guide | Introduction to #VAPT (Vulnerability Assessment and Penetration Testing) and Reporting Tools.

Jan. 31, 2020 Harshit Sengar

Here we discuss vulnerability assessment and penetration testing, and the reporting tools used for them. A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a target.

#Beginner Guide | How to get started in CTF

Jan. 17, 2020 Harshit Sengar

In this write-up, you will get to know about #CTF: the challenges, tools for solving #CTF challenges, practice platforms, resources and YouTube channels for #CTFs. What is a #CTF?

Beginner Guide | How to start Vulnerability Assessment and Penetration Testing (VAPT), Bug Bounty.

Jan. 16, 2020 Harshit Sengar

First, you have to understand how applications work and communicate, and have a basic idea of networking and the internet. You should learn some programming and scripting languages such as HTML, CSS, JS, PHP, Bash, Python, Java, etc.

File Upload Bypass & Exploits.

Sept. 20, 2020 Harshit Sengar

Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code onto the system to be attacked; the attacker then only needs to find a way to get that code executed. A file upload helps the attacker accomplish the first step.

A tale of VoIP Security Testing

Oct. 10, 2020 Harshit Sengar

Most corporates do not focus on their internal security. They think they are secure because their internal assets are only accessible internally. But red team members know very well how an attacker can exploit internal infrastructure. Voice over Internet Protocol (VoIP) has seen rapid adoption over the past few years. Most of the organisations that have implemented VoIP are either unaware of, or ignore, the security issues with VoIP and its implementation. Like every other network, a VoIP network is also susceptible to abuse.
