SSL/TLS and Your Browser

Deep dive into SSL/TLS protocol implementation in browsers, explaining the handshake process, certificate validation, and what attackers can see during encrypted connections.

2014-Aug-29 · 7 min

SQL Truncation Vulnerability

SQL Injection: at the top of the OWASP Top 10 list. I was going through some missions, and came across one with an SQL Truncation vulnerability. It is an ignored vulnerability, and although many have patched it, there are still lots of websites that have it. Here I explain (ELI5) the basics of SQL Truncation and how the vulnerability is exploited. The Scenario: Let’s take an example of a website where a user can register with a username and password, and later log in with the same username-password combination. Let’s name this website pikachu.com. ...

2014-Feb-25 · 5 min