In role based applications, a penetration tester should always ensure that he tests for privilege escalation. Let's take an example of a...

1. Insecure Direct Object References (IDOR) : Imagine you have a web application where each user has an account page with a unique number...

Verify that the "Forgot Password" link/button is prominently displayed on the login page. Check that the user is directed to the correct...

Following tutorial demonstrates a simple way of installing DVWA in Kali https://www.youtube.com/watch?v=PaB17Cc0dUg

Test Cases: Here are the following ways in which we can attack a login page: Source Code and Wappalyzer - Using source code, it might be...

Parameter pollution is a security vulnerability that can occur in web applications when user supplied data, such as query parameters,...

Before we start with the test cases for the Banking website, let’s understand the functionality of Banking web app: The banking web...

PUT: This method is used to update an existing resource on a web server. For example, if you want to update a user's profile information,...

Open Web Application Security Project (OWASP) is a non-profit organization dedicated to address security threats. They address top 10...

XXE stands for XML External Entity and before we understand the attack, lets understand what is XML first: XML (eXtensible Markup...