Showing posts from August, 2023

The Crucial Role of White Hat Hackers and Crowdsourced Platforms in Enhancing Online Security

In today's digital world, ensuring the security of our online environments is crucial. With cyber threats becoming increasingly common, ethical hackers and innovative platforms such as Bugcrowd and HackerOne have formed a unique partnership shaping cybersecurity's future. These platforms act as virtual battlegrounds where security experts, known as white hat hackers, utilize their skills to strengthen digital defenses and protect sensitive information. Today's article may focus more on opinions than technical details, aiming to inform rather than document. This is because many people are unaware that these facts exist. We live in a time when being a "hacker" can be a legitimate profession. It serves the greater good and helps us navigate the applications we use daily. It's important that we put an end to the negative perception associated with the word "hacker". Empowering Ethical Hackers: Ethical hackers, known as white hat hackers, use their techn

Installing Docker engine for Linux distributions

I recently started a brief project involving Docker containers and their "network" capabilities. It is exciting to delve into the topic, and I decided to share the steps where I found I needed help, to maybe aid others in my position. So, to start this set of articles, we will begin at the beginning: installing Docker on our Linux distro of preference. Installing a program on Linux may seem challenging, but overall, it is easy. This is typically done through the package manager specific to the distro. Here, I list instructions for a few popular Linux distros. I have already used the commands to install and enable my Docker. However, I kept getting a permission denied error. Remember to add your user to the docker group to be able to run Docker commands without using sudo: Please note that these instructions are general guidelines and may have slight variations depending on your specific Linux distribution and version. You should r

Stored XSS

In our previous article's dive into the world of XSS basics, we covered the three main types: DOM-based, stored, and reflected XSS. We're now ready to zoom in on one particular type: Stored Cross-Site Scripting, also known as Persistent XSS. Don't worry if the name sounds daunting; in this article, we'll break it down into simple pieces. Imagine a puzzle – we'll assemble the parts of Stored XSS, explain it in everyday developer terms, and even walk you through a real-life example to make it crystal clear. Definition: Stored XSS is a type of security flaw that occurs when a web application allows malicious code to be injected and stored on the server, which then executes when a user who visits the exploited website retrieves it. The malicious code runs in the browser, which is simply doing its job by rendering the website as delivered by the server. Having their accounts hijacked is one of the possible scenarios users are then vulnerable to. Process of stored XS

Cross-Site Scripting (XSS) - Basics and Prevention

Cross-Site Scripting (XSS) is a type of web security vulnerability where malicious scripts are injected into trusted websites. Hackers take advantage of web applications with input validation or encoding errors, which can lead to security vulnerabilities. When a user visits the compromised site, the browser unknowingly executes the injected script, giving the attacker access to sensitive information, such as cookies and session tokens. There are varying degrees of complexity when it comes to exploiting XSS. The three types of XSS are DOM-based, stored, and reflected. In this brief reflection, I will focus on the fundamentals, including definitions, consequences, and prevention measures. Consequences of XSS: XSS vulnerabilities can lead to several severe consequences for web applications and users: Data Theft - Attackers can steal sensitive data, including login credentials, personal information, and financial details. Unauthorized Access - Malicious scripts can hijack user session