API Security Misconfiguration

What is API Misconfiguration?

API7:2019 Security Misconfiguration

Security misconfiguration commonly results from insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, unnecessary HTTP methods, permissive Cross-Origin Resource Sharing (CORS) policies, and verbose error messages that contain sensitive information.
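Several of the misconfiguration classes listed above (leaky headers, unnecessary methods, permissive CORS, verbose errors) can be caught mechanically from a single HTTP response. The following audit function is an added example written for this page, not code from the original article: the header names and finding codes are my own choices, and the two sample responses are constructed, one deliberately weak and one tightened.

```python
"""Audit one HTTP response for common API security misconfigurations.

Added example, not from the original article. Sample responses are
constructed; finding codes are illustrative names chosen here.
"""
import json
import re

# Methods an ordinary JSON API should neither advertise nor accept.
UNNECESSARY_METHODS = {"TRACE", "TRACK", "CONNECT"}

# Body fragments that indicate stack traces or database internals leaking.
VERBOSE_ERROR_PATTERNS = [
    re.compile(r"Traceback \(most recent call last\)"),
    re.compile(r"\bat [\w.$]+\([\w.]+\.java:\d+\)"),
    re.compile(r"SQLSTATE\[|ORA-\d{5}|You have an error in your SQL syntax", re.I),
]


def audit_response(headers, body="", request_origin=None):
    """Return a sorted list of finding codes for one response.

    headers: dict of header name -> value (matched case-insensitively).
    body: response body as text.
    request_origin: the Origin the client sent, used to spot reflection.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = set()

    # CORS: wildcard, null, or reflected origins combined with credentials.
    acao = h.get("access-control-allow-origin")
    acac = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*" and acac:
        findings.add("CORS_WILDCARD_WITH_CREDENTIALS")
    elif acao == "*":
        findings.add("CORS_WILDCARD_ORIGIN")
    elif acao and request_origin and acao == request_origin and acac:
        # Echoing any Origin with credentials lets any site read authenticated data.
        findings.add("CORS_ORIGIN_REFLECTED_WITH_CREDENTIALS")
    if acao == "null":
        findings.add("CORS_NULL_ORIGIN_ALLOWED")

    # Security headers that a hardened API should always send.
    if "strict-transport-security" not in h:
        findings.add("MISSING_HSTS")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.add("MISSING_NOSNIFF")
    # Version numbers in Server / X-Powered-By make fingerprinting trivial.
    for name in ("server", "x-powered-by"):
        if re.search(r"\d+\.\d+", h.get(name, "")):
            findings.add("VERSION_DISCLOSURE_" + name.upper().replace("-", "_"))

    # Unnecessary HTTP methods, as advertised in an OPTIONS response.
    allowed = {m.strip().upper() for m in h.get("allow", "").split(",") if m.strip()}
    if allowed & UNNECESSARY_METHODS:
        findings.add("UNNECESSARY_METHODS_ENABLED")

    # Verbose error messages in the body.
    if any(p.search(body) for p in VERBOSE_ERROR_PATTERNS):
        findings.add("VERBOSE_ERROR_BODY")

    return sorted(findings)


# Constructed sample: a weakly configured API answering a cross-origin request.
WEAK_HEADERS = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.24",
    "Access-Control-Allow-Origin": "https://evil.example",
    "Access-Control-Allow-Credentials": "true",
    "Allow": "GET, POST, PUT, DELETE, TRACE, OPTIONS",
    "Content-Type": "text/html",
}
WEAK_BODY = "<b>Fatal error</b>: You have an error in your SQL syntax near ''' at line 1"

# Constructed sample: the same endpoint after the configuration is tightened.
HARDENED_HEADERS = {
    "Server": "Apache",
    "Access-Control-Allow-Origin": "https://app.example",
    "Access-Control-Allow-Credentials": "true",
    "Allow": "GET, POST, OPTIONS",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Type": "application/json",
}
HARDENED_BODY = json.dumps({"error": "bad_request", "id": "c1f3"})

if __name__ == "__main__":
    print(audit_response(WEAK_HEADERS, WEAK_BODY, request_origin="https://evil.example"))
    print(audit_response(HARDENED_HEADERS, HARDENED_BODY, request_origin="https://evil.example"))
```

Note the CORS check is only meaningful when the request carried an Origin header: reflection is detected by comparing what the server echoed with what the client sent, so in practice you probe the endpoint with an origin you control and pass that value as `request_origin`.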

Target Information

The target application is similar to Uber, Ola, and other transport tracking applications. The…


A pentester’s guide to insecure deserialization

Introduction

Insecure deserialization is a vulnerability that arises when an application deserializes untrusted data. An attacker can use it to abuse the application's logic, cause a denial of service (DoS), or even execute arbitrary code at the moment the data is deserialized. It holds the #8 spot (A8:2017) in the OWASP Top 10 2017 list.
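To make the "execute arbitrary code upon deserialization" part concrete, here is an added example (not code from the original article) using Python's pickle. The payload is constructed here and only calls a harmless marker function, but the same `__reduce__` mechanism lets a blob invoke any importable callable on the host that loads it. The hardened half uses an allow-listing `Unpickler` subclass; the allow-list contents are an assumption for this example.

```python
"""Insecure deserialization with pickle, beside a restricted unpickler.

Added example, not from the original article. The payload is constructed
here and calls only a harmless marker function.
"""
import io
import pickle
from collections import OrderedDict

EXECUTED = []  # records side effects triggered purely by deserialising


def attacker_side_effect(tag):
    """Stand-in for os.system(...): proves code ran during pickle.loads."""
    EXECUTED.append(tag)
    return tag


class Malicious:
    """Pickling this object records 'call attacker_side_effect("pwned")'."""

    def __reduce__(self):
        # pickle stores (callable, args); unpickling calls callable(*args).
        return (attacker_side_effect, ("pwned",))


def build_untrusted_blob():
    """What an attacker would place in a cookie, session store or message."""
    return pickle.dumps(Malicious())


def build_legitimate_blob():
    """A benign object of the kind the application actually expects."""
    return pickle.dumps(OrderedDict(user="alice", role="viewer"))


def load_vulnerable(blob):
    """The vulnerable pattern: pickle.loads on bytes the client controls."""
    return pickle.loads(blob)


# Assumed allow-list: the only globals this application needs to deserialise.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any global outside ALLOWED_GLOBALS, so a
    __reduce__ payload cannot reach arbitrary callables."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def try_load_hardened(blob):
    """Return ("ok", obj) or ("rejected", reason) instead of raising."""
    try:
        return ("ok", RestrictedUnpickler(io.BytesIO(blob)).load())
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    blob = build_untrusted_blob()
    print("vulnerable:", load_vulnerable(blob), EXECUTED)
    print("hardened:", try_load_hardened(blob))
    print("hardened, legitimate:", try_load_hardened(build_legitimate_blob()))
```

The restricted unpickler is a mitigation, not a cure: anything you allow-list becomes a gadget if it has an exploitable constructor. The stronger fix is to stop accepting pickle from untrusted parties at all and use a data-only format such as JSON validated against a schema.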

To understand…


Hello all! I hope everyone is fine. I am here sharing a new vulnerability I recently found in an Android application. The Android application is an asset tracking application, and I am not allowed to disclose the application name, so I am sorry about that. Let's get started…

What is SQL Injection?

SQL…


Hello all, it's been a long time. I hope everyone on planet Earth is okay during this pandemic situation. Today I came up with a new writeup about something I found recently.

I mostly work on responsible disclosure because I thought I could help the companies who can't afford the…


Remote Code Execution

Remote code execution (RCE) is the ability of an attacker to run code of their choosing on a computer they do not own or control, typically over a network and without the owner's authorization, regardless of where that computer is physically located.


Hello all, I am back with some good content, I hope. This is a blog post about jailbreaking the iPhone and installing the tools required to conduct iOS penetration testing.

So I am hereby sharing the difficulties that I faced while jailbreaking iOS, setting up the environment, and…



Hi all, I hope everyone is doing well. This writeup is all about an account takeover vulnerability found by manipulating the login response.

Technical information

I have been testing for bugs in responsible disclosure programs and, as usual, I found a program, read all of their rules of engagement and finally decided…



The Story of Taking Over Tons of User Accounts

Account Takeover

Ever since I started hacking I have always wanted to make sure the internet is secure. So, long back, I did some Google dorks and found a responsible disclosure program; I set that as my target of the week and started hacking on it.

For Google Dorks

Let’s consider the target as target.com which…

Naveen J

Security Researcher | Security Engineer | Security Nerd…
