Published in InfoSec Write-ups | Threat Modeling 102: Applying STRIDE to Payments Architecture | Credit: This solution is my solution to the Threat Modeling exercise provided in the repository Security Engineering Training, created by… | Sep 12
Published in InfoSec Write-ups | Threat Modelling 101: Mapping OWASP Top 10 to STRIDE | This blog provides only the foundational overview of threat modelling concepts including OWASP top 10 2024 mapping to STRIDE. It serves as… | Aug 13
Generative AI Web App using Python Flask with Amazon Bedrock | In this blog, let’s create a generative AI-enabled web application from scratch using Python Flask. The application will provide a cloud… | Jul 3
How Yoga & Ayurveda Helped Me To Handle Burnout | As a member of the infosec community, I have observed that many individuals are experiencing exhaustion and burnout for various reasons… | Mar 22, 2023
Published in InfoSec Write-ups | Alibaba Cloud WAF Command Injection Bypass via Wildcard Payload in All 1,462 Built-in Rule Set | Alibaba WAF version 3.0 was tested and a very common payload was found bypassing command injection. | Mar 17, 2023
Published in InfoSec Write-ups | HTML and Hyperlink Injection via Share Option In Microsoft Onenote Application | Hyperlink injection is when an attacker injects a malicious link when sending an email invitation. HTML injection attack is injecting HTML… | Jun 28, 2022
Published in InfoSec Write-ups | Kubernetes 101 | Setting up Kubernetes Cluster Locally | This blog is about setting the local Kubernetes cluster for learning & testing using multiple tools like Kind, Minikube, Kubeadm & K3s. | Jun 1, 2022
Published in InfoSec Write-ups | Module-3 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit | 1. Setting up Vulnerable Application For AWS WAF | May 25, 2022
Published in InfoSec Write-ups | Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit | Q. What is the Core Rule Set & why is it utilized by all the cloud WAFs? A. We will try to understand more about the core rule set along with… | May 25, 2022
Published in InfoSec Write-ups | Secure Code Review -1 | Cheat sheet For Security Vulnerability In Python — Injection Flaws | Based on OWASP Top-10 Vulnerabilities. This time we are looking for secure coding bugs related to Injection Flaws. | May 25, 2022