Senior Offensive Security Specialist - Red teamer, ex-Deloitte | OSCP | eWPT | NSE 1,2
I am happy to share that I have completed the "Injection Attacks" training from Cybr. A great training for web application penetration testing and injection attacks. #penetrationtesting #training #webapplicationsecurity #sqlinjection #smtp #xxe #ldap
B.Sc. in Applied computer science & A.I. (3rd year) at "La Sapienza" University of Rome | Next: M.Sc. & Ph.D. in Cybersecurity at KAUST University - Saudi Arabia
HTB certified penetration testing specialist: ▮▮▮▮▮▮▯▯▯▯▯ 55% Topics covered: -> Intro to XSS -> Stored XSS -> Reflected XSS -> DOM XSS -> XSS discovery -> Defacing -> Phishing -> Session hijacking -> XSS prevention -> Skills assessment LAB
Software Quality Assurance Engineer | Manual | Automation | Selenium | JMeter | Postman
What is OWASP? OWASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and technologies in web application security. The Top 10 OWASP vulnerabilities are: Injection Broken Authentication Sensitive Data Exposure XML External Entities (XXE) Broken Access control Security misconfigurations Cross-Site Scripting (XSS) Insecure Deserialization Using Components with known vulnerabilities Insufficient logging and monitoring #sqa #qualityassurance #softwaretesting #qaengineer #testautomation #testingstrategies #qualitycontrol #agiletesting #qacommunity #apitesting #automationtesting #manualtesting #whitebox #blackbox #securitytesting #bughunting
Creative Freelance Graphic Designer | Expert in Logo & Social Media Design | Crafting Stunning & Engaging Visuals
Hi guys! I have successfully completed this course and learned alot about Practical Web Application Security and Testing. #security #testing #tcmsecurity
Ex-Graduate Trainee @ Civica India | Cybersecurity, QA Analyst, Penetration Testing • C# • Python • Selenium • Manual & Automation Testing
The steps a penetration tester takes during an engagement is known as the methodology. A practical methodology is a smart one, where the steps taken are relevant to the situation at hand. For example, having a methodology that you would use to test the security of a web application is not practical when you have to test the security of a network. Before discussing some different industry-standard methodologies, we should note that all of them have a general theme of the following stages: #penetrationtesting #ethicalhacker #methodology #bugbounty #bugbountytips #hacker
Cybersecurity Analyst | Google IT Support Professional | Business Analyst @ GM FARM SARL
XSS vs CSRF What is the difference between XSS and CSRF? Cross-site scripting (or XSS) allows an attacker to execute arbitrary JavaScript within the browser of a victim user. Cross-site request forgery (or CSRF) allows an attacker to induce a victim user to perform actions that they do not intend to. The consequences of XSS vulnerabilities are generally more serious than for CSRF vulnerabilities: CSRF often only applies to a subset of actions that a user is able to perform. Many applications implement CSRF defenses in general but overlook one or two actions that are left exposed. Conversely, a successful XSS exploit can normally induce a user to perform any action that the user is able to perform, regardless of the functionality in which the vulnerability arises. CSRF can be described as a "one-way" vulnerability, in that while an attacker can induce the victim to issue an HTTP request, they cannot retrieve the response from that request. Conversely, XSS is "two-way", in that the attacker's injected script can issue arbitrary requests, read the responses, and exfiltrate data to an external domain of the attacker's choosing. #CSRF #XSS #HTTP #exploit #Cross_site_scripting #vulnerabilities #script #sqlinjection
