Application Security | OWASP | Vulnerability

What is a SQL Injection Risk?

Welcome to Secumantra! We already learnt what OWASP and the OWASP Top Ten are in our previous post. The OWASP Foundation is one of the most respected authorities in the field of web application security, and it periodically releases the OWASP Top Ten list of the most common security vulnerabilities. Introduction Injection is the number one vulnerability mentioned in…

Application Security

Cross-Origin Resource Sharing (CORS)

Welcome to Secumantra! In this post we will understand what Cross-Origin Resource Sharing (CORS) is and will try to understand the typical CORS error we frequently face while accessing a URL or working with APIs. You might have seen this kind of error many times in your browser console – In short, Cross-Origin Resource Sharing…

Application Security

How to Create a Self-Signed SSL Certificate

Welcome to Secumantra! In this post we will learn how to generate a self-signed SSL certificate for your website or web service. What is a Self-Signed SSL Certificate? A self-signed certificate is an SSL certificate that has not been validated by a Certificate Authority (CA). It is created by the developer of the application locally and…

Application Security

CSRF Attack and CSRF Tokens

Welcome to Secumantra! In this post we will understand the Cross-Site Request Forgery attack, commonly known as a CSRF or XSRF attack. It is one of the common attacks observed against web applications and has appeared in the OWASP Top Ten for many years. Introduction and OWASP Overview In a CSRF attack an end user’s browser is…

Application Security

The OAuth 2.0 Flows – Part II

In the previous post, we learnt about the main actors and terminology used in OAuth 2.0. We started discussing grant types (OAuth flows) and covered the most used grant type, i.e. the authorization code grant. In this post we will discuss the remaining three grant types. Let’s start – 2. Implicit grant The implicit grant type…

Application Security

The OAuth 2.0 Flows – Part I

The OAuth 2.0 framework is a delegation protocol specifically designed for authorization workflows. In this post, we will try to understand the different flows (OAuth grant types) that clients use to obtain an authorization grant. OAuth 2.0 Roles and Terminologies Let us revisit a few important OAuth terms and the entities involved in the workflows. OAuth defines four major…