Through this article, we will discuss some tests and guidelines that are part of my Web Penetration Testing methodology.

Testing for Username/Email Enumeration

  • through Forgot/Reset Password Functionality
  • through Registration Form
  • through Response Time Discrepancy
  • through Response Size Discrepancy
  • through Account Lockout Message

Testing for Vulnerable Components

  • Vulnerable WAF
  • Using Wappalyzer Extension
  • Using Snyk Database
  • Using Browser Console

Testing for Information Disclosure

  • through Response Headers
  • through comments
  • through StackTrace/Debug messages
  • through direct request
  • through other HTTP Methods
  • through files

Testing for Security Misconfigurations

  • SSL/TLS Misconfigurations
  • Missing/Misconfigured Security Headers
  • Missing Security Flags on Cookies
  • Missing Rate-Limiting
  • OPTIONS/TRACE Methods Allowed
  • No custom pages defined for error…


In this article, we will discuss the Clickjacking vulnerability, how to find one, and present 25 disclosed reports based on this issue.

What is Clickjacking?

Clickjacking is a vulnerability through which users are tricked (visually) into clicking buttons or UI elements that appear to belong to the parent page, while in reality they are clicking something in the vulnerable web application, which is hidden behind the UI of the parent page. Basically, the users' clicks are hijacked to perform an action within a different page.

It can lead to unrestricted actions being performed, malware download, likejacking (for social media pages), and more.

How to find a Clickjacking Vulnerability

There…


In this article, we are going to discuss 3 important traits of any ethical hacker, bug bounty hunter, or penetration tester.

#1 — You are passionate about it

Passion is what brought us all to the places where we are right now. You can't accomplish much if you are not passionate about it, because passion is what will make you push your limits and work even on your "low" or tired days.

Passion is what will make us rise, learn, and move on after we fall down, for example after a disappointment.

Some time ago I saved a really nice quote which says…


Here are 10 actionable tips that you can use to improve the overall cyber security posture of your organization, and also to protect against some of the most common attacks out there.

  1. Train your employees in security awareness. Humans are the weakest link that attackers take advantage of, which is why phishing is one of the most popular delivery methods for malware and ransomware.
  2. Watch out for weak, default, or compromised passwords. If you haven't done so yet, you should enforce password policies for all the systems within your organization, including complexity and reuse checks. As soon as you deploy new…


In this article, we will discuss Denial-of-Service vulnerabilities, how to find one, and present 25 disclosed reports based on this issue.

What is Denial-of-Service?

A Denial-of-Service (DoS) can be an attack vector or vulnerability through which you can make an application, machine, or network unresponsive to its users.

Types of Denial-of-Service (DoS) Attacks

Our main focus is on Application-layer Denial-of-Service (DoS) attacks, which you can find in bug bounty programs, but we will also discuss the most common types of Denial-of-Service:

  • Volume-based DoS/DDoS Attacks: ICMP Floods, Ping-of-Death (PoD), and more
  • Protocol-based DoS/DDoS Attacks: SYN Floods, Fragmented Packets Floods, Smurf DoS/DDoS Attacks, and more
  • Application-based DoS/DDoS Attacks: Web Application…


Are you looking to get into Penetration Testing, Ethical Hacking, or Red Teaming? If the answer is yes, then this article is definitely for you!

What is a Penetration Test?

A Penetration Test, or commonly named “Pentest”, is the process of evaluating the security weaknesses of an organization’s assets, using similar methodologies to the ones used by real attackers.

Penetration Test = Vulnerability Assessment?

The answer is clearly, NO!

A Pentest is not equal to a Vulnerability Assessment, and a lot of people tend to confuse the terms. From my experience, I have encountered clients that requested a Penetration Test, but in reality they wanted a Vulnerability Assessment, or vice versa…


In this article, we will discuss the CSRF vulnerability, how to find one, and present 25 disclosed reports based on this issue.

What is CSRF?

Cross-Site Request Forgery, or CSRF, is a web-based vulnerability through which an attacker causes the client side (the victim's browser) to perform unwanted actions while the user is authenticated. This issue must be combined with a social engineering technique in order to accomplish its exploitation goals. The impact can vary from low severity to a complete application compromise, depending on the components and endpoints affected by CSRF.

Types of Cross-Site Request Forgery

Let’s take a look over three common types of CSRF:

  • URL-based CSRF: It can be…


Introduction to Cross-Site Scripting (XSS)

In this article, we will discuss the Cross-Site Scripting (XSS) vulnerability, how to find one, and present 5 creative ways to demonstrate its impact by exploiting it.

Cross-Site Scripting (XSS) and the various types of it

It is a web-based vulnerability in which an attacker can inject malicious JavaScript code into the application, which will later be executed.

There are multiple types of this vulnerability (based on how the malicious scripts are stored and executed):

  1. Stored/Persistent XSS: malicious scripts are stored in the application, for example in a comment section.
  2. Reflected/Non-persistent XSS: malicious scripts are returned back to the user, for example in a search query.
  3. DOM-Based/Client-Side XSS: malicious scripts…


In this article, we will discuss the XXE vulnerability, how to find one, and present 25 disclosed reports based on this issue.

What is XXE?

XXE stands for "XML External Entity", and it is an injection vulnerability in which the attacker exploits the XML parser of an application (the way the system processes XML-based input).

This vulnerability is dangerous because it can be leveraged to mount multiple attack types that could result in a full compromise of the application.

A critical requirement for such an attack to work is to have XML entities enabled within the parser.

Types of XXE


(Dharma Ransom note)

In this article, we are going to discuss and analyze the methodology behind an infection with the Dharma ransomware.

History

The ransomware from the Dharma family dates back to 2016, but different and more complex variants were developed and released over time. Later analysis concluded that Dharma evolved from the CrySIS family, which was released in early 2016.

Cristian Cornea

Cyber Security Enthusiast, Freelancer, Researcher, Bug Bounty Hunter and InfoSec Writer.
