Directory Path Traversal
Intro Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. This might include: App...
Theory What is GraphQL? GraphQL is a query language and runtime for APIs developed by Facebook in 2012 and released as an open-source project in 2015. It provides a more flexible and efficient alt...
Cross-site request forgery (CSRF) Cross-Site Request Forgery (CSRF) is a web security vulnerability that allows an attacker to trick a victim into unknowingly making an unwanted request to a web a...
Intro The NIST Cybersecurity Framework (CSF) is a set of guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity ris...
Vulnerability Scanning Automated process that identifies known security weaknesses in systems, networks, and applications. Typically performed regularly to detect outdated software, misconfiguratio...
WebSockets intro WebSocket is a communication protocol that provides full-duplex (two-way) communication between a client (usually a browser) and a server over a single, long-lived TCP conn...
Security Information and Event Management (SIEM) SIEM is a cybersecurity solution that collects, analyzes, and correlates log and event data from across an organization’s IT infrastructure to detec...
Server-Side Parameter Pollution Intro Currently working not only with tryhackme.com but with portswigger.net stuff also so there is a Server-Side Parameter Pollution topic in API testing so there ...
Intro Cyber threats are constantly evolving, making it essential for organizations to have robust security mechanisms in place. Among the key defenses are Intrusion Detection Systems (IDS) and Intr...
Intro Cybersecurity professionals use structured frameworks to understand, detect, and defend against cyber threats. So in this article we will talk about 3 main frameworks: The Cyber Kill Chain...