Cybersecurity Blogs | Briskinfosec
10th August 2022

What is the difference between Manual Penetration Testing versus Automated Penetration Testing?

The new normal has made the market bigger for digital transformation projects and strategies for moving to the cloud.

2nd August 2022

WordPress plugin LiteSpeed Cache security flaws and how to exploit them

WordPress plugin LiteSpeed Cache has a cross-site scripting vulnerability because it does not properly sanitize user input. An attacker can take advantage.

29th July 2022

XML-RPC Attack

Yes, I am talking about the U.S. Department of Defense getting hacked. Bibek Dhakal found that the xmlrpc.php file on the U.S. Department of Defense website had been turned on, leaving it open to an attack on other sites. The xmlrpc.php in WordPress is turned on by default

22nd July 2022

What is the difference between VA and PT?

A thief plots a heist at a home. It takes him some time to figure out how to get into the house without being noticed. What we're doing here is called vulnerability assessment. The thief could have used a glass door.

15th July 2022

What Is CRLF Injection Attack?

Twitter is one of the most popular social media platforms available today, with 100 million daily active users and 500 million tweets sent daily. But do they have the best cybersecurity defense? Youssef discovered it was possible to inject the CRLF injection

5th July 2022

What Is FTP Penetration Testing and What It Is Not?

File Transfer Protocol (FTP) is a standardized protocol used to allow transmission of files between computers. It consists of a set of coded signals which are transmitted between computers, and which inform

30th June 2022

How to save yourself from Phishing attacks? A quick guide!

Phishing is a type of social engineering attack used to obtain sensitive information from users, such as login credentials and credit card information. It

23rd June 2022

What is the Spring4Shell vulnerability and how to address it

Spring is a popular lightweight Java platform application framework that enables developers to easily create Java applications with enterprise-level features

21st June 2022

Is there a difference between authentication and authorization in an API?

As with web applications, APIs operate on the web, but many require some sort of authentication or authorization before you can access the valuable.

16th June 2022

Is CDN WAF enough to protect your web application?

What would you say if we told you that a certain service was at USD 1.53 billion in 2016 and is expected to reach USD 7.63 billion by 2022? Is this not an exponential increase? Yes, that service is CDN WAF.

14th June 2022

How hackers bypass file upload and how to prevent it?

Starbucks does have the best coffee in the world. But do they have the best cybersecurity defense? Johnstone discovered it was possible to execute arbitrary code by uploading a webshell

9th June 2022

While testing SQL injection, why do testers frequently use single quotes?

SQL injection is often referenced as the most common type of attack on websites. It is being used extensively by hackers and pen-testers on web applications.

26th May 2022

My website has HTTPS implemented. Should I really worry about implementing HSTS?

HTTP and that all redirection to the site using HTTP should be changed to HTTPS requests by default.

24th May 2022

How To Minimize The Impact Of False Positives?

Web applications are updated on a frequent basis in today's fast-paced development settings, and agile, integrated methodologies like DevOps are swiftly becoming the norm. To design, test, and update diverse apps

6th October 2018

Command Execution Attacks on Apache Struts server CVE-2017-5638

Apache Struts is a free, open-source, MVC framework for creating elegant and modern Java web applications.

6th October 2018

Cross Site Port Attack (XSPA)

A web application is vulnerable to Cross Site Port Attack if it processes client-provided URLs and does not sanitize the backend response received from remote servers before sending it back to the client.

8th October 2018

SQL Injection - Using Burp Suite

SQL injection is an attack in which an attacker manages to “inject” his harmful/malicious SQL code into someone else’s database and forces that database to run his SQL

11th October 2018

Server-Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF) refers to an attack, wherein an attacker can send a maliciously crafted request from a vulnerable web application

22nd January 2019

Top Trending Web App Security Vulnerabilities

For a long time in the cyber security world, web applications have been subject to various kinds of security vulnerabilities because of the increase in their usage and the use of dynamic web application technologies

30th January 2019

Beware of Data War

Data in general is a set of information, knowledge or facts that is measured and stored in storage devices.

30th January 2019

Are you still fighting against decade-old application attacks?

In this modern digital era, online transactions play a pivotal role.