The OWASP, also known as “Open Web Application Security Project”, is an internationally recognized non-profit organization solely dedicated to the security of web applications. It was first developed in 2003. The OWASP has one core principle that every material is available to the public for free, and everyone can improve their web application security. The …
Structured Query Language Injection is a way of code modification technique which is used to change the data from SQL databases. By using this command, any unauthorized user can use to identify a more privileged user. In modern technique, SQL injection occurs over the internet by sending queries to an API endpoint. Some query field …
An Internet Exchange Point can be defined as the physical infrastructure through which content delivery networks (CDNs) and Internet Service Providers (ISPs) exchange the Internet traffic between their networks. IXPs are not internet service providers but they allow various network operators to exchange traffic with other operators. An exchange point will not sell you anything …
An edge server is any type of server that resides on the logical edge of two networks, typically between a private network and the internet. It can serve many purposes depending on the context. The major purpose of the content delivery network is to store content at the closest location to the requesting client machine, …
An origin server processes and response to incoming internet requests from internet users. It is typically used in conjunction with the caching or an edge server. It is responsible for serving the content of an internet entity such as a website, or web app as long as the user traffic or a number of client …
Delivering web pages and data over HTTP connections exposes users to security risks. Because servers are usually not connected directly to each other, they must pass their requests and responses through a series of network routers. These routers, located in-between servers, have complete access to requests sent via HTTP connections. Since the data is transferred …
Web scraping is the process of data extraction from different websites. It is done by using a piece of code known as “scraper”. It includes sending a ‘GET’ type query and then HTML parsing of the received content. After parsing, the scraper searches for the specified data and convert it into the specified document. The …
Phishing is a social engineering attack which is an attempt to steal sensitive and personal user information with the ill intents of gaining illegal access or financial gains. The stolen information can be in the form of usernames, passwords, bank account details or credit card numbers. The attackers utilize this information in two ways: either …
Via token authentication features, users can implement access control via URL parameters or HTTP request headers without having to build complex back-end systems Take mlytics platform as an example, we will check these tokens at the Web Application Firewall (WAF) before any request is relayed to an origin. If the token is not valid the request is …
A man-in-the-middle attack is a method which an attacker places himself in between the two devices and intercepts or modifies the messages/communication. The attacker is also able of impersonating as either of two agents and can do unauthorized actions. The attack needs three participants: the victim, the entity/system under attack and the middleman who eavesdrops. …
