Knock Knock… Who Let the Hacker In? Path Traversals
Path traversal vulnerabilities, aka directory traversal attacks, are like that one nosy neighbor who tries to peek into rooms they weren’t invited to. Path traversal vulnerabilities, also known as directory traversal attacks, attempt to gain access to and read files in a restricted directory by manipulating variables that reference file paths. It occurs on the web server outside the website's directory. This type of attack is wholly an attempt to get access to sensitive data t

Jen C
Oct 8, 2025 · 2 min read
SSRF’s: A Gateway Drug To Other Vulnerabilities
Server-Side Request Forgery (SSRF) is a security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. Whew, that’s a mouthful. And that’s just the beginning of what makes SSRF so dangerous. Let’s unpack it a bit further: It is similar to cross-site scripting except it is gaining control of a server versus a URL and bypassing the firewall entirely. This attack typically targets i

Jen C
Oct 8, 2025 · 4 min read


Jen's Take On The Three Little Pigs...and Insecure Design
“A new category for 2021 focuses on risks related to design and architectural flaws, with a call for more use of threat modeling, secure design patterns, and reference architectures.” - OWASP The Wolf loves an insecure design that he can huff and puff and blow down. What is it and how can we prevent it? Let’s learn more together about this topic! “Little pig! Little pig! Let me in!” – The Wolf “No, no, no! Not by the hairs of my chinny chin chin.” – All Three Little Pigs Inse

Jen C
Oct 7, 2025 · 5 min read