• 2021-01-10
  • 7 minutes

The Log Forging Vulnerability And How To Fix It

The Log Forging vulnerability, also known as Log Manipulation, is a low-ranked vulnerability that in many cases is too far-fetched to be reliably exploited, but in others can be quite easy to exploit and cause real damage. In this post we’ll look at what log forging is and see many different conditions that can […]
  • 2019-07-19
  • 6 minutes

Hardcoded Passwords

Hardcoded passwords… This is quite a common problem, and most of the projects that I get my hands on have a hardcoded password somewhere. But what’s the problem with having, for example, the database password in the code? Well, actually, a lot! Let’s start with the most straightforward scenario. Hardcoded passwords, (and when […]
  • 2019-06-17
  • 7 minutes

XML External Entities (XXE)

XML and JSON are two formats ruling the web right now. Although JSON’s adoption is increasing significantly, especially with REST, XML is still widely used. What most developers don’t know is that most of the XML parsers out there, by following the specification by default, have major security flaws. In some cases (not that […]