Posts

Owasp top 10

The OWASP Top 10 (2021) is a widely used list of the most critical web application security risks. Understanding each vulnerability and knowing how to test it is essential for penetration testing, bug bounty hunting, and secure software development. Important: Only test applications that you own or have explicit permission to assess. 1. Broken Access Control (A01:2021) What is it? Broken Access Control happens when users can perform actions or access resources they shouldn't. Example A normal user changes: GET /profile?id=100 to GET /profile?id=101 and accesses another user's profile. Impact Read other users' data Delete data Become admin Access confidential information How to Test Step 1: Create two accounts User A User B Step 2: Login as User A Capture request in Burp Suite. GET /orders/101 Step 3: Change 101 to 102 If you receive User B's data: ✅ Broken Access Control Tools Burp Suite OWASP ZAP Postman 2. Cryptographic Failures (A02:2021) What is it? Sensitive inform...

Owasp top 10

What is the OWASP Top 10? The **OWASP Top 10** is a standard "awareness document" published by the Open Worldwide Application Security Project (OWASP). It ranks the 10 most critical security risks facing web applications, based on real-world vulnerability data and industry consensus. It's the baseline reference for developers, pentesters, and auditors — and standards like PCI DSS and ISO 27001 reference it as a best-practice benchmark. The current edition is **OWASP Top 10:2025** (which replaced the 2021 edition) . Here's the list, what each risk means, and how to test for it. --- ## The 2025 list + how to test each one ### A01 — Broken Access Control Users can access data or functions beyond their permissions (IDOR, privilege escalation, force browsing). SSRF from the 2021 list is now folded into this category. **How to test:** - Create two accounts (user A, user B). Change IDs in URLs/requests (`/api/user/1001` → `1002`) and see if you can read/modify B's data w...

The World has Embraced Digital Marketing. Will you?

Almost 60% of the world’s population is present on the internet. In today’s world, we pay our bills online, book tickets online, watch movies online and even learn online. Today, an average internet user spends about a whopping 7 hours on the internet, scrolling through social media, emails, and websites. We are not very far from spending every waking hour on our electronic devices soon and that has all been possible due to the internet’s meteoric rise. The internet's rise has greatly empowered one industry- Digital Marketing. The increase in the number of people buying smartphones and computers has essentially increased the number of people on the internet. And as the numbers keep expanding, digital marketing spreads its wings far and wide. Let us try to understand why digital marketing has become an unstoppable force and how it can benefit you.  What is Digital Marketing? The marketing of products or services through different digital channels such as search engines (Google, Yaho...

Do anything but let it produce joy

The instruction was simple, almost absurd: do anything, but do not let it produce joy. It sounded like a rule designed not to limit action, but to limit the human spirit. Under such a command, every task became mechanical, every achievement became hollow, and every moment of curiosity was treated as something dangerous. Work could continue, conversations could happen, buildings could rise, and inventions could emerge, but none of it was allowed to awaken delight, satisfaction, or hope. Imagine a society that follows this principle without question. Parks are built, but no flowers are planted because colorful blooms might brighten someone's day. Music is reduced to repetitive tones that communicate information without stirring emotion. Books contain facts but no stories, for stories inspire imagination and emotional connection. Meals provide nutrition but no flavor worth remembering. Birthdays pass like ordinary dates, and festivals disappear because celebration itself becomes an un...

Javascript

  //single line comment /* multi line comment*/ // let, const //string, numbers, boolean, null, undefined const name = 'hemanth'; const age = 28; const rating = 4.5; const isCool = true; const x = null; const y = undefined; let z; console.log(typeof name); //strings const name = 'hemanth'; const age = 28; //concatination console.log('my name is '+name+  ' and I am '+ age); //template string console.log(`my name is ${name} and I am ${age}`); const hello = `my name is ${name} and I am ${age}`; console.log(hello); //string functions const s ='hello world'; console.log(s.length); console.log(s.toUpperCase()); console.log(s.toLowerCase()); console.log(s.substring(0, 5)); console.log(s.substring(0,5).toUpperCase()); console.log(s.split('')); const t = 'technology, computers, it, code'; console.log(t.split(', ')); //arrays /* array using constructor, new keyword and  something after that means it is called constructor */ const nu...