A guide on how to fix your vulnerable WordPress website. — Introduction One of the first things you do when auditing a WordPress website is checking for ways to enumerate the admin username. …

An Explanation with a Real Life Example — When I was trying to learn what CSRF is during my educational days, all I could find was theoretical stuff with examples of Bob and Alice and their transactions, which was good enough for the time being but not in gaining an idea of the real world approach to this…

Something rather simple, yet potentially critical that a developer should take note of. — TL;DR: Improper configuration of robots.txt and the web server, resulted in me getting access to my client’s highly sensitive files containing the transaction details of around 16,000 customers each. Introduction This time around, it is not a price manipulation vulnerability like in the last story, rather it is a combination of…

And what you can do to be more secure. — TL;DR: While pen-testing one of Astra’s customers, I found a way to change their set shipping charge to zero by manipulating the parameters in the POST request, and successfully make the order to any country of my choice. Introduction As an Information Security Analyst at Astra, I get to deal with…