Rusty lock

Requiem for a p455w0rD

Why passphrases are better than passwords


Author: Rafael Ballestas

Category: identity

Tags: password,  credential,  security

In this blog post, we mainly make a comparison between having weak or complicated passwords...



Code on a screen

The Oracle of Code

About code as data


Author: Rafael Ballestas

Category: attacks

Tags: testing,  application,  detect

This blog post is a description of the code-as-data approach to source code analysis.



Photo by Sara Kurfeß on Unsplash

XML: eXploitable Markup Language

XPath injection on XML files


Author: Rafael Ballestas

Category: attacks

Tags: xml,  xpath,  injection

How to perform basic XPath injection on an XML file used for authentication? Find it out here...



Man standing in mountain

Stand on the Shoulders of Giants

About software composition analysis


Author: Rafael Ballestas

Category: attacks

Tags: testing,  dependency,  vulnerability

Here we mainly develop a discussion on 'A9' of the OWASP Top 10: Using components with known...



Data has a better idea sign

Will Machines Replace Us?

Automatic detection vs. manual detection


Author: Andres Cuberos

Category: philosophy

Tags: application,  detect,  vulnerability,  scanner

Vulnerability detection by an automated tool is not enough to conclude that an app is secure....



Photo by su fu on Unsplash

The Infinite Monkey Fuzzer

Fuzz testing using American Fuzzy Lop


Author: Rafael Ballestas

Category: attacks

Tags: fuzzing,  application,  hacking

In this blog post, we are focused on how to perform basic fuzz attacks on desktop Linux C...



Fuzzy caterpillar

Fuzzy Bugs Online

Fuzz techniques for attacking web applications


Author: Rafael Ballestas

Category: attacks

Tags: sql,  fuzzing,  injection

How to make basic fuzz attacks on web apps? We fuzz over SQL injections on a vulnerable DB...



Cucumber slices

Is Your App in a Pickle?

Documenting vulnerabilities with gherkin


Author: Rafael Ballestas

Category: documentation

Tags: documentation,  vector,  software

Gherkin can be used for documentation and automated testing. Here we focus on its basics and how...



Person working on the computer while looking at cellphone

Delimiting an Ethical Hacking

How to define the scope of your objectives


Author: Felipe Gómez

Category: philosophy

Tags: ethical hacking,  pentesting,  security testing

When security flaws are found through ethical hacking, it is important to delimit the...



Blank CSV document icon

Is that CSV Secure?

Defining CSV injection vulnerabilities


Author: Jonathan Armas

Category: attacks

Tags: security,  csv,  code,  web

Comma-Separated Values file is a common extension in data files used in several application...



Hands typing in a text editor

The Importance of Pentesting

Protect your company against Hackers, not Lamers


Author: Felipe Gómez

Category: philosophy

Tags: security,  protect,  information

In this article, we will discuss the importance of Pentesting when protecting our applications.



Text editor with code highlighting

Another Proud Son of JSON

Using JSON Web Token to send data


Author: Juan Aguirre

Category: identity

Tags: security,  information,  jwt

Here we introduce JSON Web Token, a simple, quick way to send secure, digital signed data from...



< 1 2 3 4 5 6 7 8 9 10 11 12 13 >

OWASP logo

Corporate member of The OWASP Foundation

Clutch Review

Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy