This is the sequel of python automation which I had posted earlier. In last blog, I had explained about how to install bodge open-source application and perform source code review.Please go though my previous blog to follow this up. AppSec-Code Review & Python automation-story-1 It has been long since I have posted in medium. I have been with my masters in cyber security all these days. However…pravinponnusamy.medium.com

It has been long since I have posted in medium. I have been with my masters in cyber security all these days. However, I managed to come up new series of application security skill enhancer. I would love to bring on secure code review and python security automation. As part…

This is going to be a series of blogs in web application security test scenarios and this is one of them. As we all know, web applications have become an integral part of our life. People use web applications for most of the services. Customers register and store their personal…

This is another bug bounty automation blog explaining my thought process for crawling and enumerating JavaScript file. Modern web applications are heavily built on JavaScript. Starting from API calls to most business logics, many critical functionalities are built on client-side nowadays. It is just that if we are able to…

It has been long since I have posted my blog on security. However, this time I would like to bring you a top of bug bounty. I know!! as a security researcher most of you will be doing bug bounty hunting as part time or full time. Bug hunting is…

In modern-day web applications, critical application development has been done on javascript files. Java script files contain some sensitive information such as API secret key and other internal domain URL values. When the attackers get hold of such information, they will be able to talk to API and make changes…

What is CVE-2019–19781? An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. As stated above all the CITRIX ADC with versions specified above are vulnerable to this attack. …

What is SSRF attack? What is SSRF (Server-side request forgery)? Tutorial & Examples | Web Security Academy In this section, we'll explain what server-side request forgery is, describe some common examples, and explain how to…portswigger.net I have always been curious about finding out SSRF vulnerability. This was the one the bugs that I have recently identified in my target application. Enumeration:

String.xml is a single location for various strings your application needs. Here every string has a unique id, this id you use in your code to use that string. It is always recommended not to store critical data. Sometimes due to insecure coding practices, some sensitive information might be stored…