Welcome to Secumantra! In this post, we will understand the number two vulnerability in the OWASP Top Ten 2017 version which talks about broken authentication and session management. We already know what is OWASP and OWASP Top Ten, please read more about it here. In short, OWASP (Open Web Application Security Project) is a nonprofit foundation…
Welcome to Secumantra! We already learnt what is OWASP and OWASP Top Ten in our previous post. OWASP Foundation is one of the most respected authorities in the field of web application security and it releases OWASP Top Ten List periodically sharing most common security vulnerabilities. Introduction Injection is the number one vulnerability mentioned in…
Welcome to Secumantra! We already learnt what is OWASP and OWASP Top Ten in our previous post. Before we look each one of these items in detail, we must build our vocabulary to have basic understanding of some of the commonly used security terms. To start with, we will focus on top ten such terms…
Welcome to Secumantra! In this post we will understand what Cross-Origin Resource Sharing (CORS) is and will try to understand this typical CORS error we face frequently while accessing some URL or when working with APIs. You might have seen this kind of error many times on your browser console – In short, Cross-Origin Resource Sharing…
Welcome to Secumantra! In this post we will learn how to generate a self-signed SSL certificate for your website or web service. What is a Self-Signed SSL Certificate? A self-signed certificate is an SSL certificate that has not been validated by a Certificate Authority (CA). It is created by the developer of the application locally and…
Welcome to Secumantra! We already learnt what is OWASP and OWASP Top Ten in our previous post. Just to summarize, OWASP Foundation is one of the most respected authorities in the field of web application security and it releases OWASP Top Ten List periodically sharing most common security vulnerabilities. In this post, we will learn…
Welcome to Secumantra! In this post, we will learn what OWASP is and what it offers. As we are mainly talking about web application security on this blog, let’s get familiar with OWASP and OWASP Top Ten. We will frequently refer this for next few blog posts and discuss related topics. OWASP and OWASP Top…
Welcome to Secumantra! In this post, we will understand some important security tips to protect ourselves and our families from being a victim of a potential online fraud. Security awareness has become very important in modern world when most of us are connected to internet and are working from home due to current pandemic situation….
Welcome to Secumantra! In this post we will understand Cross-Site Request Forgery attack, commonly known as CSRF or XSRF attack. It is one of the common attacks observed for web applications and has been there in OWASP Top Ten for many years. Introduction and OWASP Overview In a CSRF attack an end user’s browser is…
In the previous post, we learnt about main actors and terminologies used in OAuth 2.0. We started discussing about grant types (OAuth flows) and talked about most used grant type i.e. authorization code grant. In this post we will discuss remaining three types of grants. Let’s start – 2. Implicit grant The implicit grant type…
