Getting Started in Bug bounties
Bug bounties, also known as responsible disclosure programmes, are set up by companies to encourage security researchers to report vulnerabilities discovered on their sites. Some companies offer rew…
PGP Email Encryption Using Mailvelope
Mailvelope is a free browser extension for Google Chrome and Mozilla Firefox that adds OpenPGP encryption to the webmail services you may already be using. The extension supports Gmail, Yahoo! …
Lack of SPF leads to Email Spoofing
The threat from malicious email represents one of the greatest risks to IT security. The Messaging Anti-Abuse Working Group (MAAWG) identifies 85% of incoming mail as abusive or malicious. One of th…
XSS in Referrer Header
XSS in HTTP header attacks targets the HTTP headers, which are hidden from most users and may not be validated by web applications. Background: Suppose we have an application that generates a "Back" li…
Testing for Password Reset token validation
Every web application provides a mechanism to reset an account password. This generally prompts the user to enter his registered email address in order to receive a password reset link. Whenever the user enter…
Burp Suite tutorial
Burp Suite, or Burp Proxy, is a web application proxy tool that is very useful for testing web applications. It contains numerous tools such as Proxy, Spider, Scanner, Intruder, Repeater, Sequencer, Decode…
Session fixation Attack
Session Fixation is an attack that allows an attacker to take over a valid user session. When authenticating a user, the application does not assign a new session ID and instead keeps using an existing one. The attack cons…
Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) is an attack in which an attacker sends requests from a malicious website to a target web application to which the user is already authenticated. This way an attacker can acces…
List of Bug Bounty Programs
Below is the list of companies offering a bug bounty programme …
Cross Site Scripting
Introduction: Cross-Site Scripting stems from a lack of encoding when information is sent to an application's users. This can be used to inject arbitrary HTML and JavaScript, the result being that this…
Bug bounty program
A bug bounty program, also called a hacker bounty program or vulnerability rewards program, is a program that rewards individuals for finding a software bug and reporting it to the organization offering a rewa…