Hack The Box: The #1 Cybersecurity Performance Center
HTB is the leading Cybersecurity Performance Center for advanced frontline teams to aspiring security professionals & students. Start driving peak cyber performance.
A web application frontend often performs requests to a backend API. Even though this API is only supposed to be used by the frontend, it is usually also accessible with a browser. An attacker can use this to exploit vulnerabilities.
Secure Code Review Tips to Defend Against Vulnerable Node.js Code
How do you identify vulnerable code patterns? Can you spot insufficient input validation? Enhance your Node.js development security with this guide to secure code review.
A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.
Securing Rails Applications — Ruby on Rails Guides
This manual describes common security problems in web applications and how to avoid them with Rails. After reading this guide, you will know: all countermeasures that are highlighted; the concept of sessions in Rails, what to put in there and popular attack methods; how just visiting a site can be a security problem (with CSRF); what you have to pay attention to when working with files or providing an administration interface; how to manage users: logging in and out and attack methods on all layers; and the most popular injection attack methods.