Everybody knows about Python. It’s now the second-most popular programming language worldwide, having overtaken Java. Not only is it used widely for machine learning and data science, but it’s also easy to learn for beginner programmers because of its easy code syntax, mimicking the English language.


Before moving further, please take a look at my previous blog, where you can easily understand what business logic vulnerabilities are and how they pose a significant risk to web applications.

https://gupta-bless.medium.com/exploiting-business-logic-vulnerability-4f84534d699a

Now let's move forward and look at another perspective on business logic vulnerabilities, where user inputs are used for exploitation.

Why is handling user input essential?

“User input” refers to those values or actions that require user interaction, such as entering a value from the keyboard, clicking a button and finally submitting those values.

So we understand that users can enter anything, or values that belong to any data type, but to maintain application…


· What is the Common Vulnerability Scoring System/CVSS?

In application security, the most common term we hear is vulnerability, which means a weakness in the system that can be exploited and poses a threat to an infrastructure or organization. There are a few parameters that decide how severe a vulnerability is; combined, these parameters decide the CVSS score of the vulnerability. The greater the CVSS score, the more severe the vulnerability.

CVSS stands for Common Vulnerability Scoring System, where an organization or pen tester can use different parameters to rate vulnerabilities and decide their severity. CVSS is a numerical representation of a vulnerability's severity, also known as the “Base score”. Value of the…


What is the need for a cache?

If a server sends a new response to each and every HTTP request, it may overload the server, because the response may contain images, videos etc. Overloading the server means that the performance of the website will be degraded and users will be affected.

To decrease processing time and latency, organizations implement caching on the website. Even the CPU does this, by using a cache memory which provides very fast data access; the website does the same in order to improve efficiency.

Web cache poisoning

Web cache poisoning can pose a significant threat to the user. If the attacker was able…


Cloud is a term we hear very frequently these days. I have also covered some aspects of the cloud in my previous blogs. So in this blog we will actually learn about cloud security and its architecture, and how things work in the cloud.

What are Cloud architecture/Cloud deployment Models?

There are different types of cloud models and architectures; depending on ownership or hosting location, they are classified into the following:

i. Public/Multi-tenant:

A CSP (Cloud service provider) provides cloud services over the internet, and these cloud machines or infrastructure are on the public-facing internet.

Advantage:

The user has to pay only as…


What are Hypertext Transfer Protocol methods/HTTP methods?

For communication between client and server, the Internet protocol suite uses HTTP.

HTTP works as a request and response protocol between client and server, meaning that when a user visits an application in the browser, a request is sent to the server and the server sends the response back. In the response, we can see a response code according to the request. It all happens with the help of HTTP.

To perform all these operations, HTTP has different methods, and each method has its own significance.

Note: HTTP method names are case sensitive, and everywhere they are used in UPPER CASE.

1. GET: To retrieve information from the server for…


Before moving forward towards EC2, let's get familiar with AWS access keys and their security; if you are interested, go ahead and check my previous blog for that.

https://gupta-bless.medium.com/securing-and-managing-aws-access-key-88aa8ae938a

What is Amazon Elastic Compute Cloud/EC2?

EC2 is a web-based service provided by Amazon that is used to provide resizable compute capacity in the cloud; in short, EC2 instances are virtual machines in the cloud.

Instance: Computing in EC2 is handled by launching an instance. Therefore, whenever we launch an EC2 instance, it depends on two factors:

· The operating system we are going to use in it; it will make the configuration which supports…


Need for Identity Access Management/IAM?

If an organization has a small number of AWS accounts, then management of those accounts is simple, since it is easy to manage the logs and their workaround. The admin can easily perform changes, but if an organization has a large number of AWS accounts across different departments, then this task gets hectic, so we need to create an admin for each and every department. With every account we have a different set of keys. So here we have 2 approaches:

i. The simplest is to create a login in each account and manage those changes, but this is not an ideal approach.

ii. Creation of…


Before moving further, we must get familiar with XXE. So please check my previous blog on it.

https://medium.com/@gupta.bless/exploitation-xml-external-entity-xxe-1f5f3e7bc5c4

We have learnt about XXE previously, but there is one more thing we need to understand before going ahead: unrestricted file upload vulnerabilities. You can read my previous blog for that one as well.

https://gupta-bless.medium.com/exploiting-unrestricted-file-upload-vulnerabilities-4831aa839b25

If the application has image or file upload functionality, then there might be a possibility that we can upload an SVG file.

Scalable Vector Graphics/SVG: An SVG file actually defines graphics in XML format.

Since it defines graphics in XML format, these files create a…


What is Internet of Things (IOT)?

As the name indicates, “things” means physical objects: a collection of physical objects which are connected over the internet. In IoT, we see interconnected devices, embedded sensors or multiple other pieces of software which can communicate data over Wi-Fi, creating and processing user interaction and other tasks without human intervention.

We see IoT devices all around, like the smart speaker in our home which can actually run the whole house just by voice commands.

We now have smart fridges, washing machines, lights and much more, which can actually be considered IoT devices.

Structure:

All IoT devices are part of a four-layer infrastructure.

Gupta Bless

Security enthusiast working to secure web for others https://twitter.com/BoredSecEngg
