Blog

Deploying your own Website with Jekyll and Cloudflare Pages

Back in 2016 or so, I had a quaint little website made in Jekyll and deployed with GitHub Pages. This was great. It’s a professional hazard for some people who...

Secure Coding: Misuse of Security Concepts

In a previous post, we discussed why bugs are so frequent and persistent when it comes to application security. One of the reasons mentioned was misuse of security concepts in...

Understanding Application Security and APIs

Application security as a whole requires an overarching view of all your products and how their vulnerabilities might be made worse or better in relation to each other. However, an...

Practical tips for a successful research process - Tools

There is a lot of well-informed literature regarding how to choose your research topic, how to conduct the literature review, how to write the thesis or a paper, and there...

UNIX and Stack Smashing

Let us look into what buffer overflow vulnerabilities are, which aspects of UNIX system design allow their (popular and continued) exploitation, and what precautions can be taken to patch them....

A brief look into securing calls to software libraries and frameworks

One of the most common uses of APIs is integrating libraries and frameworks that provide a required behavior into new software in order to cut down on the development...

Reflected Cross Site Scripting and Subsequent Session Hijacking (Archived)

Cross-site scripting attacks and session hijacking are two very common attacks that plague many web applications. Of these two, cross-site scripting can be sufficiently mitigated using proper user...

POSIX capabilities, Yay or Nay?

Certain programs in Linux environments are required to run with a higher level of privilege than allowed to the normal user. This is supported through the “setuid(0)” function, where the...

A glimpse into Shellshock (Archived)

Shellshock is a family of vulnerabilities in the Unix Bash shell that let attackers execute arbitrary code.

Denial of Service - Then and Now (Archived)

Perhaps the simplest way to understand Denial of Service would be the Ping of Death attack. Following that, we shall discuss how contemporary attacks resemble Ping of Death,...

Inbuilt Logging in Linux and Honeypots (Archived)

User Activity Logs

SSL Attacks and Countermeasures (Archived)

Let us discuss several attacks that are conducted on the Secure Sockets Layer, what vulnerabilities they exploit, how the attacks are conducted, and what countermeasures can be applied to mitigate them....
