Server-Side Request Forgery (or SSRF) is an attack that consists of inducing a web application to send back-end requests to an unintended destination. Driven by the increasing popularity of Cloud services and complex back-end architectures, this attack has become more and more common in recent years. In the OWASP Top…

Host Header injection is not the type of attack that you would normally find in CTFs or security challenges. However, it is widespread in the wild web. It is also not exceedingly difficult to exploit once you encounter a vulnerable web server, as this article will later show. Before we…

HTTP Request Smuggling ( HRS) is a type of attack that is gaining more and more attention in recent years. Its rise is fueled by the high prevalence of Cloud-based applications and services. In this article, we’ll learn the basics of this attack. We’ll see how it works, how to…

Out of the many attacks that threaten web applications today, XXE remains the one that is talked about the least. Although it gets far less attention than XSS or SQL injections, it does carry its own risk and should not be taken as a slight. In this guide, I will…

Cross- Site Request Forgery (CSRF or XSRF), also called Client-Side Request Forgery, is a type of attack that targets web applications. It allows an attacker to induce users into accessing and changing a state on a website inadvertently. In this article, we are going to explain how CSRF attacks work…

Regular expressions are present in almost all programming languages (Python, PHP, Javascript…), as well as in Linux commands (grep, sed…) and in many other high-level languages and applications. So, why are they so widely present? what exactly are they used for? and how can we start using them ourselves? Before…

This article presents a great introduction for anyone trying to learn about Cross-Site Scripting (or XSS). You don’t need to be an expert to follow along. However, you do need to know some basics about how the web works in order to gain the most from this article. We will…

THC Hydra is a powerful tool to use against login forms. It can perform brute force and dictionary attacks against different types of applications and services. When a web application relies on usernames and passwords as its only line of defense, a pentester or a malicious user can use Hydra…

Once you’ve gained access to a Linux system, the next logical step is to perform privilege escalation. That is, to go from a user account with limited privileges to a superuser account with full privileges. There are many options that can help you achieve this, ranging from simple and easy…