Hello Readers! Here we go…

A suite is defined roughly by the following attributes:

• Authentication method

• Key exchange method

• Encryption algorithm

• Encryption key size

• Cipher mode (when applicable)

• MAC algorithm (when applicable)

• PRF (TLS 1.2 only — depends on the protocol otherwise)

•…

CSRF

Over the period of my infosec journey, I have collated some great reads that can make you a CSRF pro. Let me share the same with you all.

This blog covers: basics of CSRF, 4 types of recommendations, multi-stage CSRF, JSON Flash CSRF, JSON CORS Flash CSRF, chaining vulnerabilities to…

Hello Readers!

This blog is just a disclaimer to let people know the series of API pentesting blogs will not continue any further. I started writing on API pentesting when there was no OWASP API testing guide, but now one exists: https://www.owasp.org/index.php/OWASP_API_Security_Project

You may refer to this great project…

I will come up with some cool informative blogs soon.

In the process of deciding a topic to write on… Stay tuned…

Hello Pentester, this blog will walk you through how XML injections are performed and remediated.

XML Injection can be used to compromise the logic of an XML-based application or web service. The injection of unexpected XML content into an XML input can change the intended logic of the…

Presuming we have a low-privileged shell on the victim machine, the following content will walk you through how we can find and exploit one of Windows' insecure configurations, i.e. weak permissions on a service.

Sometimes in Windows, we discover services that run with SYSTEM-level privileges but don’t have proper…

Asfiya $ha!kh

OSCP | Penetration Tester | Bug Bounty Hunter | CTF Player https://www.linkedin.com/in/asfiya-shaikh/
