Category

security

19 posts

Server Security Best Practices — Complete Hardening Guide for Production Systems

Server Security Best Practices — Complete Hardening Guide for Production Systems

Server Security Best Practices — Complete Hardening Guide for Production Systems

Every breach post-mortem tells the same story: an unpatched service, a…

XSS and CSRF Explained — The Complete Guide with Real Attack Examples and Defenses

XSS and CSRF Explained — The Complete Guide with Real Attack Examples and Defenses

XSS and CSRF Explained — The Complete Guide with Real Attack Examples and Defenses

XSS and CSRF have been in the OWASP Top 10 for over a decade. They’re among the…

OWASP Top 10 (2021) — Every Vulnerability Explained with Code

OWASP Top 10 (2021) — Every Vulnerability Explained with Code

OWASP Top 10 (2021) — Every Vulnerability Explained with Code

The OWASP Top 10 is the industry standard for web application security risks. If…

HTTP Cookies Security — Everything Developers Get Wrong

HTTP Cookies Security — Everything Developers Get Wrong

HTTP Cookies Security — Everything Developers Get Wrong

Cookies are the single most important mechanism for web authentication. Every…

Buffer Overflow Attacks — How Memory Corruption Actually Works

Buffer Overflow Attacks — How Memory Corruption Actually Works

Buffer Overflow Attacks — How Memory Corruption Actually Works

Buffer overflows are the oldest and most consequential vulnerability class in…

Format String Vulnerabilities — The Read-Write Primitive Hiding in printf()

Format String Vulnerabilities — The Read-Write Primitive Hiding in printf()

Format String Vulnerabilities — The Read-Write Primitive Hiding in printf()

Format string vulnerabilities are unique in the exploit world. Most memory…

SQL Injection: The Complete Guide to Understanding, Preventing, and Detecting SQLi Attacks

SQL Injection: The Complete Guide to Understanding, Preventing, and Detecting SQLi Attacks

SQL Injection: The Complete Guide to Understanding, Preventing, and Detecting SQLi Attacks

SQL injection has been on the OWASP Top 10 since the list was created in 200…

Software Security in the AI Era: How to Write Secure Code When AI Writes Code Too

Software Security in the AI Era: How to Write Secure Code When AI Writes Code Too

Software Security in the AI Era: How to Write Secure Code When AI Writes Code Too

In 2025, 72% of professional developers used AI-assisted coding tools daily. By…

Building a Vulnerability Detection System That Developers Actually Use

Building a Vulnerability Detection System That Developers Actually Use

Building a Vulnerability Detection System That Developers Actually Use

Here’s a stat that should concern every security team: 73% of developers say…

Cyberark Rest API Certificate based Authentication - Curl Command to Fetch Credentials

Cyberark Rest API Certificate based Authentication - Curl Command to Fetch Credentials

Cyberark Rest API Certificate based Authentication - Curl Command to Fetch Credentials

Introduction Cyberark kind of tools are a must for security in your…

Understanding Zero-day Exploit of Log4j Security Vulnerability and Solution (CVE-2021-44228, CVE-2021-45046)

Understanding Zero-day Exploit of Log4j Security Vulnerability and Solution (CVE-2021-44228, CVE-2021-45046)

Understanding Zero-day Exploit of Log4j Security Vulnerability and Solution (CVE-2021-44228, CVE-2021-45046)

Introduction On 9th December 2021, an industry-wide vulnerability was discovered…

Dockerfile for building Python 3.9.2 and Openssl for FIPS

Dockerfile for building Python 3.9.2 and Openssl for FIPS

Dockerfile for building Python 3.9.2 and Openssl for FIPS

Introduction In previous posts, we saw how to build FIPS enabled Openssl, and…

How to Patch and Build Python 3.9.x for FIPS enabled Openssl

How to Patch and Build Python 3.9.x for FIPS enabled Openssl

How to Patch and Build Python 3.9.x for FIPS enabled Openssl

Introduction In this post, we will see Python 3.9.x patch for FIPS enabled…

How to build FIPS enabled Openssl in docker

How to build FIPS enabled Openssl in docker

How to build FIPS enabled Openssl in docker

Introduction In this post, we will see how we can build FIPS enabled openssl in…

How to Patch and Build Python 3.7.9 for FIPS enabled Openssl

How to Patch and Build Python 3.7.9 for FIPS enabled Openssl

How to Patch and Build Python 3.7.9 for FIPS enabled Openssl

Introduction In this post, we will see Python 3.7.9 patch for FIPS enabled…

How to Renew Lets Encrypt SSL Certificate

How to Renew Lets Encrypt SSL Certificate

How to Renew Lets Encrypt SSL Certificate

Introduction to problem This post is applicable for those who has already an SSL…

How to renew SSL certificate from Lets-encrypt when your website is using cloudflare

How to renew SSL certificate from Lets-encrypt when your website is using cloudflare

How to renew SSL certificate from Lets-encrypt when your website is using cloudflare

Lets-Encrypt SSL Certificate Useful Commands

Lets-Encrypt SSL Certificate Useful Commands

Lets-Encrypt SSL Certificate Useful Commands

You might need to put sudo before above command. The command will show details…

Lets Encrypt SSL Error: The client lacks sufficient authorization 403 Forbidden

Lets Encrypt SSL Error: The client lacks sufficient authorization 403 Forbidden

Lets Encrypt SSL Error: The client lacks sufficient authorization 403 Forbidden

This is due to our web server are configured to deny accessing this directory…