(Photo by Sajad Nori on Unsplash)

Company-related Passwords

  1. We have a company named “Hooli”
  2. We enforced a default…


(Photo by Arthur Chauvineau on Unsplash)


(Photo by Towfiqu barbhuiya on Unsplash)

What is Account Takeover?


(Photo by Kevin Horvat on Unsplash)

Testing for Username/Email Enumeration

  • through Login Error Message Discrepancy
  • through Forgot/Reset Password Functionality
  • through Registration Form
  • through Response Time Discrepancy
  • through Response Size Discrepancy
  • through Account Lockout Message

Testing for Vulnerable Components

  • Vulnerable Libraries/Server/Proxy/Frameworks
  • Vulnerable WAF
  • Using Wappalyzer Extension


(Photo by Umberto on Unsplash)

What is Clickjacking?


(Photo by Clint Patterson on Unsplash)

#1 — You are passionate about it


Photo by FLY:D on Unsplash
  1. Train your employees about security awareness. Humans represent the weakest links that attackers take advantage of, that’s why…


What is Denial-of-Service?

Types of Denial-of-Service (DoS) Attacks


(Source: Unsplash)

What is a Penetration Test?


(Source: Unsplash)

What is CSRF?

Cristian Cornea

Cyber Security Enthusiast, Freelancer, Researcher, Bug Bounty Hunter and InfoSec Writer.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store