CRLF Injection and HTTP Response Splitting Vulnerability

When a browser sends a request to the server, the server response contains HTTP headers along with the HTML response, i.e., the actual website content. Between the HTTP headers and the HTML response there is a special combination of characters that separates them. These characters are called carriage return and line feed, or CRLF for short. Web servers use … Continued

How to choose a web application security scanner?

For the decision-makers of an organization, selecting a web application security scanner for their business can be an overwhelming process as there is a lot at stake. An efficient web application security scanner can add value to the business, while a wrong decision can have significant negative impacts on the business. In this article, we will … Continued

Automated Penetration Testing: A myth or reality?

Automation is a buzzword in many industries these days. If you have been following the cybersecurity industry lately, automated penetration tests, security automation, AppSec automation, etc. are some of the terms that have seen massive popularity in the last 1-2 years. In this article, we explore whether automated penetration testing is a myth or reality. DAST … Continued