XML: eXploitable Markup Language

XPath injection on XML files


How to perform basic XPath injection on an XML file used for authentication? Find it out here...



Stand on the Shoulders of Giants

About software composition analysis


Here we mainly develop a discussion on 'A9' of the OWASP Top 10: Using components with known...



Will Machines Replace Us?

Automatic detection vs. manual detection


Vulnerability detection by an automated tool is not enough to conclude that an app is secure....



The Infinite Monkey Fuzzer

Fuzz testing using American Fuzzy Lop


In this blog post, we are focused on how to perform basic fuzz attacks on desktop Linux C...



Fuzzy Bugs Online

Fuzz techniques for attacking web applications


How to make basic fuzz attacks on web apps? We fuzz over SQL injections on a vulnerable DB...



Is Your App in a Pickle?

Documenting vulnerabilities with gherkin


Gherkin can be used for documentation and automated testing. Here we focus on its basics and how...



Delimiting an Ethical Hacking

How to define the scope of your objectives


When security flaws are found through ethical hacking, it is important to delimit the...



Is that CSV Secure?

Defining CSV injection vulnerabilities


Comma-Separated Values file is a common extension in data files used in several application...



The Importance of Pentesting

Protect your company against Hackers, not Lamers


In this article, we will discuss the importance of Pentesting when protecting our applications.



Another Proud Son of JSON

Using JSON Web Token to send data


Here we introduce JSON Web Token, a simple, quick way to send secure, digitally signed data from...



Symbolic Execution for Mortals

What it is and how it works


In this article, we intend to explain an approach to symbolic execution, which is very useful...



Conserving Your Identity

Using WS-Security to secure your web apps


In this article, we present a secure way to exchange information between different web services...




Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.
