Category: InfoSec

Secure Cookie Attributes

Secure cookie attributes are flags set on a cookie, in the Set-Cookie response header, that tell the browser how and when it may send or expose that cookie. They reduce the risk of a session cookie being sent over plain HTTP, read by injected script, or attached to a cross-site request. Common attributes include Secure (send only over HTTPS), HttpOnly (not readable from document.cookie), and SameSite (limits sending on cross-site requests), each serving a different purpose to improve…

HTTP Security Headers

HTTP security headers are response headers a web server sends to instruct the browser how to handle the content it receives, adding a layer of defence against specific attacks. Headers such as Content-Security-Policy, X-Frame-Options, X-Content-Type-Options and Strict-Transport-Security help prevent cross-site scripting, clickjacking, MIME content sniffing and protocol downgrade, making…
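The following is an added example covering both of the entries above (secure cookie attributes and HTTP security headers); it is not code from the original page. It builds a Set-Cookie value carrying the three attributes, lists a common set of security headers, and audits a response for what is missing. The header names are real; the specific values, the helper names, and the sample response are assumptions of this example.

```python
"""Added example (not from the original page): emit a hardened Set-Cookie value
and common security headers, and audit a response for what is missing."""
from http.cookies import SimpleCookie

# Response headers a hardened site commonly sends. The values are illustrative
# choices for this example, not prescribed by the page.
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

def session_cookie(name, value, max_age=3600):
    """Build a Set-Cookie value carrying Secure, HttpOnly and SameSite."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["secure"] = True        # only sent over HTTPS
    morsel["httponly"] = True      # not readable from document.cookie
    morsel["samesite"] = "Strict"  # never attached to cross-site requests
    morsel["path"] = "/"
    morsel["max-age"] = max_age
    return morsel.OutputString()

def audit_set_cookie(header_value):
    """Return the protective attributes missing from one Set-Cookie value."""
    attrs = {p.strip().split("=", 1)[0].lower() for p in header_value.split(";")[1:]}
    return [a for a in ("Secure", "HttpOnly", "SameSite") if a.lower() not in attrs]

def audit_headers(headers):
    """Return the expected security headers absent from a response (case-insensitive)."""
    present = {k.lower() for k in headers}
    return [h for h in SECURITY_HEADERS if h.lower() not in present]

if __name__ == "__main__":
    # Constructed weak response: no security headers, cookie with only a Path.
    weak = {"Content-Type": "text/html", "Set-Cookie": "session=abc123; Path=/"}
    print("cookie missing:", audit_set_cookie(weak["Set-Cookie"]))
    print("headers missing:", audit_headers(weak))
    hardened = {**weak, **SECURITY_HEADERS}
    hardened["Set-Cookie"] = session_cookie("session", "abc123")
    print(hardened["Set-Cookie"])
    print("after hardening:", audit_set_cookie(hardened["Set-Cookie"]), audit_headers(hardened))
```

Run the audit functions against real responses (for example from a crawl of your own site) to find cookies and pages that slipped through; SameSite=Strict is the strictest choice and may need to be Lax for flows that arrive via cross-site links.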

Server-Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF) is a security vulnerability where an attacker tricks a server into making requests to destinations of the attacker's choosing. This can give the attacker access to internal systems, cloud metadata endpoints, sensitive data, or services that are not reachable from the public internet. SSRF often happens when a web application fetches a resource from a user-supplied URL without…
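An added example of the check that is usually missing, not code from the original page: before the server fetches a user-supplied URL, restrict the scheme, refuse credentials in the URL, and resolve the host so that both IP literals and names pointing at private, loopback, link-local or metadata addresses are rejected. The resolver argument, the function names, and the blocked-host set are assumptions of this example.

```python
"""Added example (not from the original page): allow-list the destination of a
server-side fetch before making it. The resolver parameter exists so the check
can be exercised offline."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Well-known metadata hostnames; the set is an assumption of this example and
# should be extended for your environment.
BLOCKED_HOSTS = {"metadata.google.internal", "metadata"}

def resolve_all(host):
    """Every address the host resolves to (A and AAAA); a fetch may use any of them."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_blocked_address(addr):
    """True for anything that is not a public unicast address."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped          # ::ffff:127.0.0.1 is still loopback
    return not addr.is_global or addr.is_multicast

def check_outbound_url(url, resolver=resolve_all):
    """Return (ok, reason). Rejects non-http(s) schemes, credentials in the URL,
    metadata hosts, and any literal or name that maps to an internal address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host.rstrip(".").lower() in BLOCKED_HOSTS:
        return False, "metadata host"
    try:
        addrs = {ipaddress.ip_address(host)}
    except ValueError:
        # Not an IP literal: resolve it. Shorthand literals such as 127.1 or
        # 0x7f000001 are not accepted by ip_address, so they reach the resolver
        # and are caught by the address check below like any other name.
        try:
            addrs = {ipaddress.ip_address(a) for a in resolver(host)}
        except (OSError, ValueError):
            return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if is_blocked_address(addr):
            return False, f"resolves to blocked address {addr}"
    return True, "ok"

if __name__ == "__main__":
    for u in ("https://example.com/report", "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:127.0.0.1]/", "file:///etc/passwd"):
        print(u, "->", check_outbound_url(u))
```

Two caveats a practitioner will want: the name is resolved here and again by the HTTP client, so a DNS-rebinding attacker can pass the check and then point the name at 127.0.0.1 for the real connection; connect to the address you validated rather than re-resolving, and disable redirects or re-run the check on every hop.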

XML External Entity (XXE) Attacks

XML External Entity (XXE) attacks are a type of security vulnerability that affects applications using XML input. When an application processes XML data without proper safeguards, attackers can exploit features that allow external entities to be loaded. This can lead to sensitive data exposure, denial of service, or even system compromise. XXE attacks often occur…
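An added example of the safeguard the entry refers to, not code from the original page: untrusted XML is first scanned with expat, and any DOCTYPE or entity declaration aborts the parse before an external entity (file://, http://) or an entity-expansion bomb can be resolved; only then is the tree built. The sample documents and function names are constructed for this example.

```python
"""Added example (not from the original page): refuse XML that declares a DTD
or entities before handing it to ElementTree."""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat

class UnsafeXML(ValueError):
    """Raised for documents that try to declare a DTD or entities."""

def _reject_doctype(name, sysid, pubid, has_internal_subset):
    raise UnsafeXML(f"DOCTYPE {name!r} not allowed in untrusted input")

def _reject_entity(name, is_param, value, base, sysid, pubid, notation):
    raise UnsafeXML(f"entity {name!r} not allowed in untrusted input")

def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Scan first: the handlers raise as soon as a DOCTYPE or entity declaration
    appears, so nothing is ever resolved or expanded. Then build the tree."""
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _reject_doctype
    scanner.EntityDeclHandler = _reject_entity
    try:
        scanner.Parse(data, True)
    except expat.ExpatError as e:
        raise ValueError(f"malformed XML: {e}") from None
    return ET.fromstring(data)

def rejection_reason(data: bytes):
    """None if the document is accepted, otherwise why it was refused."""
    try:
        parse_untrusted_xml(data)
    except (UnsafeXML, ValueError) as e:
        return str(e)
    return None

# Constructed samples.
BENIGN = b"<order><id>42</id><note>thanks</note></order>"
XXE = (b'<?xml version="1.0"?>'
       b'<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       b'<order><id>&xxe;</id></order>')
BOMB = (b'<!DOCTYPE lolz [<!ENTITY lol "lol"><!ENTITY lol2 "&lol;&lol;&lol;&lol;">]>'
        b'<lolz>&lol2;</lolz>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE), ("bomb", BOMB)):
        print(label, "->", rejection_reason(doc) or "accepted")
```

Rejecting the DTD outright is the simplest policy and is what the defusedxml package does by default; if you use lxml, construct its parser with resolve_entities=False and no_network=True instead of relying on the defaults.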

Secure Deserialization

Secure deserialization is the process of safely converting data that has been stored or transmitted in a structured format back into an object or data structure. If not handled carefully, deserialization can be exploited by attackers to run malicious code, access sensitive information, or compromise a system. By applying security checks and using trusted sources,…
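An added example, not code from the original page: a constructed pickle payload whose unpickling calls a function of the attacker's choosing instead of rebuilding the object, a restricted Unpickler (the pattern documented in Python's pickle module) that refuses any global outside an allow-list, and the preferred route of a data-only format with explicit shape checks. The payload, the allow-list and the profile schema are assumptions of this example.

```python
"""Added example (not from the original page): unsafe pickle.loads, a
restricted Unpickler, and a data-only alternative."""
import io
import json
import operator
import pickle
from collections import OrderedDict

class Payload:
    """Constructed attacker object: unpickling does not rebuild a Payload, it
    calls operator.add(40, 2). A real payload names os.system or similar."""
    def __reduce__(self):
        return (operator.add, (40, 2))

def attacker_blob() -> bytes:
    return pickle.dumps(Payload())

def legit_blob() -> bytes:
    return pickle.dumps(OrderedDict(a=1, b=2))

def unsafe_loads(data: bytes):
    return pickle.loads(data)      # runs whatever callable the stream names

# Only these globals may be reconstructed; every other module.name is refused.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset"),
                   ("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def restricted_rejects(data: bytes) -> bool:
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False

# Preferred: a format that carries only data, plus explicit checks of its shape,
# so there is no callable for the input to reach in the first place.
def load_profile(data: bytes) -> dict:
    obj = json.loads(data)
    if not isinstance(obj, dict) or set(obj) != {"user", "age", "roles"}:
        raise ValueError("unexpected shape")
    if not (isinstance(obj["user"], str)
            and isinstance(obj["age"], int) and not isinstance(obj["age"], bool)
            and isinstance(obj["roles"], list)
            and all(isinstance(r, str) for r in obj["roles"])):
        raise ValueError("unexpected types")
    return obj

if __name__ == "__main__":
    print("unsafe:", unsafe_loads(attacker_blob()))              # 42, not a Payload
    print("restricted rejects:", restricted_rejects(attacker_blob()))
    print("restricted accepts:", restricted_loads(legit_blob()))
    print(load_profile(b'{"user": "alice", "age": 30, "roles": ["admin"]}'))
```

The restricted Unpickler narrows the attack surface but still parses a stack-machine format from the attacker; treat it as a mitigation for legacy data, and move new interfaces to JSON or a schema-checked binary format.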

Secure File Parsing

Secure file parsing refers to the process of reading and interpreting data from files in a way that prevents security vulnerabilities. It involves checking that files are in the correct format, handling errors safely, and protecting against malicious content that could harm a system. Secure parsing is important because attackers often try to hide harmful…
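An added example of the practice described, not code from the original page: a parser for the start of a PNG file that checks the magic signature, the chunk structure and CRC, and sane IHDR values, and refuses an upload whose extension and contents disagree or whose declared dimensions would make decoding a decompression bomb. The pixel cap, the helper names and the sample inputs are assumptions of this example.

```python
"""Added example (not from the original page): validate a PNG header strictly
before any decoder sees it."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 50_000_000          # assumption: cap so a tiny file cannot demand gigabytes

class BadFile(ValueError):
    """Raised when the bytes are not a PNG we are willing to process."""

def parse_png_header(data: bytes) -> dict:
    """Validate signature, first chunk, CRC and IHDR fields; return the header."""
    if len(data) < 33 or not data.startswith(PNG_SIGNATURE):
        raise BadFile("not a PNG: bad signature")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise BadFile("first chunk must be a 13-byte IHDR")
    body = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
        raise BadFile("IHDR CRC mismatch")
    width, height, depth, color, comp, filt, interlace = struct.unpack(">IIBBBBB", body)
    if width == 0 or height == 0 or width * height > MAX_PIXELS:
        raise BadFile(f"unreasonable dimensions {width}x{height}")
    if (depth not in (1, 2, 4, 8, 16) or color not in (0, 2, 3, 4, 6)
            or comp != 0 or filt != 0 or interlace not in (0, 1)):
        raise BadFile("invalid IHDR field")
    return {"width": width, "height": height, "bit_depth": depth, "color_type": color}

def validate_upload(filename: str, data: bytes) -> dict:
    """Declared type and actual bytes must agree; the extension alone proves nothing."""
    if not filename.lower().endswith(".png"):
        raise BadFile("only .png uploads accepted")
    return parse_png_header(data)

def rejection_reason(filename: str, data: bytes):
    """None if accepted, otherwise the reason the file was refused."""
    try:
        validate_upload(filename, data)
    except BadFile as e:
        return str(e)
    return None

def make_png_header(width, height, depth=8, color=6) -> bytes:
    """Constructed fixture: signature plus a correct IHDR chunk, no image data."""
    body = struct.pack(">IIBBBBB", width, height, depth, color, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + body) & 0xFFFFFFFF
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + body + struct.pack(">I", crc)

if __name__ == "__main__":
    print(rejection_reason("cat.png", make_png_header(640, 480)))                    # None
    print(rejection_reason("cat.png", b"<html><script>alert(1)</script></html>"))    # bad signature
    print(rejection_reason("cat.png", make_png_header(100000, 100000)))              # unreasonable
```

The same shape of check applies to any format: verify the magic bytes, bound every length and count read from the file before allocating, verify checksums where the format has them, and fail closed with a specific reason rather than letting a decoder guess.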

Format String Vulnerabilities

Format string vulnerabilities occur when a program lets user input control the format string passed to a function such as printf, which interprets that string as instructions rather than as data. If the program does not check or restrict this input, attackers can use format specifiers to read or write memory, potentially exposing sensitive information or causing…
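An added example, not code from the original page, showing the same bug class in Python to keep this listing in one language: with printf in C a user-controlled format string reads and writes process memory, while a user-controlled str.format() template walks object attributes and can read a module-level secret. The secret, the User class, the template table and the attack string are constructed for this example.

```python
"""Added example (not from the original page): user-controlled format template
versus a fixed template that only receives data."""

DB_PASSWORD = "hunter2"   # constructed: stands in for configuration loaded into the module

class User:
    def __init__(self, name: str):
        self.name = name

def render_unsafe(template: str, user: User) -> str:
    """Vulnerable: the template itself comes from the user, so field syntax
    ({user.attr}, {user.attr[key]}) lets them traverse from the object to
    anything reachable through its attributes."""
    return template.format(user=user)

# Fixed: templates are chosen by the code, user data only fills a placeholder.
TEMPLATES = {
    "greeting": "Hello, {name}!",
    "farewell": "Goodbye, {name}.",
}

def render_safe(template_id: str, user: User) -> str:
    try:
        template = TEMPLATES[template_id]
    except KeyError:
        raise ValueError("unknown template") from None
    return template.format(name=user.name)

# Constructed attacker input: bound method -> function globals -> module secret.
ATTACK = "{user.__init__.__globals__[DB_PASSWORD]}"

if __name__ == "__main__":
    mallory = User("mallory")
    print(render_unsafe("Hello, {user.name}!", mallory))   # the intended use
    print(render_unsafe(ATTACK, mallory))                   # leaks DB_PASSWORD
    print(render_safe("greeting", mallory))                 # attacker cannot reach the template
```

The fix is the same in every language: the format string is code and must be a constant chosen by the program; user input is passed only as an argument to fill a placeholder (in C, printf("%s", buf) rather than printf(buf)).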