Wiki: Cyber Security
15 articles · Page 1/2
Exploiting Server-Side Template Injection (SSTI)
Understanding how unsafe template rendering engines can lead to full Remote Code Execution (RCE) vulnerabilities on web servers.
Security Risks of CORS Misconfigurations
How Cross-Origin Resource Sharing (CORS) prevents malicious websites from reading data from other domains, and the dangers of a wildcard policy.
Implementing Secure JWT Authentication in REST APIs
A technical guide on how JSON Web Tokens work, their internal structure, and best practices for preventing token theft and replay attacks.
Zero-Day Vulnerabilities and Heuristic Defense Mechanisms
Understanding the lifecycle of unpatched software flaws and how modern EDR/XDR systems use behavioral analysis to block unknown threats.
Pass-the-Hash Attacks and Windows Credential Dumping
Understanding how attackers use tools like Mimikatz to extract NTLM hashes from memory and move laterally across Active Directory networks.
Identity Protocols: OAuth 2.0 vs. OpenID Connect (OIDC)
Clarifying the critical difference between OAuth 2.0 (Authorization) and OpenID Connect (Authentication) in modern web security.
Penetration Testing vs. Vulnerability Scanning
Clarifying the critical differences between automated vulnerability scans and manual, objective-based penetration testing in cybersecurity.