Author: bmacharia

Spring Boot Authentication and Authorization

Spring Boot is an open-source, Java-based framework widely used to build enterprise-level microservices. Implementing secure authentication and authorization in such microservices presents developers with a new set of challenges. Spring Security comes in handy by providing a powerful, secure and customizable authentication and authorization framework. Spring Security uses a Role-Based Access Control (RBAC) model to help mitigate some of the inherent authentication and authorization threats, such as violations of least privilege…

Authentication Bypass Through PHP Type Juggling

PHP supports two common ways of comparing variables: loose comparison (== or !=) and strict comparison (=== or !==). Loose comparison checks whether both variables have “the same value”, while strict comparison confirms that both variables have “the same type and value”. PHP type juggling vulnerabilities arise when loose comparison is used instead of strict comparison in a place where the attacker controls one of the variables being compared. Illustration When…

Exploiting Time-Based Blind SQL Injection With SQLMap

In this post, I will share details about a time-based blind SQL injection vulnerability I found on a private bug bounty program through HackerOne. This was also my first bug bounty on the platform. According to this post by Acunetix, SQL injection vulnerabilities can be classified into three major categories: in-band SQL injection, inferential SQL injection and out-of-band SQL injection.

Types of SQL Injections

In-band SQL injections allow the attacker to use the same communication channel to both launch the attack…