unSafe.sh - Unsafe
Beyond the Password: Advanced Authentication Testing Techniques for Modern Applications
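The article discusses the importance of authentication testing in modern applications. Traditional approaches focus only on password strength, whereas modern threats call for more comprehensive security measures. It highlights key areas such as multi-factor authentication (MFA), session management, token security and bot protection, and notes that traditional testing often overlooks these complex areas. AppSec Labs helps organizations improve their security through in-depth testing and tailored approaches...
2025-7-3 15:16:14 | Views: 13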
Comments on: - appsec-labs.com
appsec
recaptcha
spas
captcha
Web Services Testing: Safeguarding Your Web Applications Against XXE Attacks
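The article discusses the importance of web services testing in defending against XXE injection attacks. XXE injection performs malicious operations by exploiting improperly configured XML parsers. The article presents the key testing components for detecting XXE, including information gathering, WSDL analysis and XML structure validation, and uses a case study to illustrate the role of comprehensive testing in securing web services...
2025-6-8 07:43:23 | Views: 12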
Comments on: - appsec-labs.com
injection
wsdl
soapenv
replay
The Ultimate Guide to Securing Applications Through Software Security Testing
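Software security testing is key to protecting applications from vulnerabilities and cyber attacks. The article introduces common vulnerability types (such as injection attacks, XSS and authentication issues) and recommended testing methods (such as SAST, DAST, IAST and SCA), and emphasizes safeguarding data security and user trust through a comprehensive security testing strategy...
2025-6-8 07:27:16 | Views: 13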
Comments on: - appsec-labs.com
security
dast
software
analysis
PHP Security Code Review Cheat Sheet
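This article summarizes common security vulnerabilities in PHP development and their risks, including file inclusion (LFI/RFI), command execution, file I/O operations, SQL injection, cross-site scripting (XSS) and XML external entities (XXE), and provides corresponding code examples and testing methods...
2025-2-10 13:21:30 | Views: 4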
Comments on: - appsec-labs.com
php
passwd
username
inclusion
whoami
Still Using SSRF to Take Over Cloud Deployments Once Again
How Server-Side Request Forgery Can Lead to Full Cloud Compromise – and What You Can Do Ab...
2025-1-16 10:47:45 | Views: 5
Comments on: - appsec-labs.com
ssrf
cloud
imdsv2
ec2
attackers
ReDoS
How a Simple Test Brought Down a Server You sanitized your input fields f...
2024-12-29 09:41:44 | Views: 2
Comments on: - appsec-labs.com
payload
python
attackers
chose
leaves
Hacking Android Apps Through Exposed Components
by Tal Melamed. In almost every Android application, developers expose activities wi...
2024-12-25 10:35:18 | Views: 2
Comments on: - appsec-labs.com
appsec
drozer
receiver
broadcast
exposing
Cryptography as a Solution – Using Advanced Techniques for Data Protection
In the world of information security it is highly advised to implement security soluti...
2024-12-24 15:11:48 | Views: 0
Comments on: - appsec-labs.com
encryption
client
security
symmetric
pinning
Secure Development Lifecycle for Open Source Usage
Preface: How do we adjust the SDL (Security Development Lifecycle) process for the growing use of open...
2024-12-24 15:0:24 | Views: 0
Comments on: - appsec-labs.com
security
sdl
stage
development
analysis
Sandwich Attacks: From Reset Password to Account Takeover
Once Upon a Password Reset… You’ve just forgotten your password for a website. No big dea...
2024-12-18 07:32:42 | Views: 0
Comments on: - appsec-labs.com
uuid1
victim
clock
attacker
uuids
Firestore White Box Security Review Checklist
Introduction: Securing your application’s Firestore database is crucial for protecting...
2023-2-7 15:51:0 | Views: 0
Comments on: - appsec-labs.com
firestore
security
firebase
database
Firestore Database – Black Box Security Testing Guide – Go Beyond *.firebaseio.com/.json
Firestore security is an important topic for modern applications. Its wide usa...
2022-10-9 14:8:0 | Views: 0
Comments on: - appsec-labs.com
firestore
firebase
database
cloud
A Guide For Advanced Message Protected API Hacking Using Hackvertor and Burp (Part #2)
More up-to-date Hackvertor game-changer techniques, code examples, and tips for advanced...
2021-11-16 14:46:0 | Views: 0
Comments on: - appsec-labs.com
burp
hv
python
hackvertor
client
Advanced Testing Of Web Application With Custom Message Signing Using Hackvertor (Part #1)
Introduction: Many of us have probably been faced with testing an application with cus...
2020-12-7 14:56:0 | Views: 0
Comments on: - appsec-labs.com
hackvertor
burp
payload
client
proxy
Firebase Applications – The Untold Attack Surface
Introduction: In this blogpost, we will review some of the basic components of a Firebas...
2020-9-14 06:43:0 | Views: 2
Comments on: - appsec-labs.com
firebase
firestore
security
client
Pwning PHP Internals for fun and non-profit
Introduction: In this post, I will show something that I found in PHP’s source code and affects all v...
2020-06-24 14:26:42 | Views: 26
appsec-labs.com
php
extractto
attacker
victim
ziparchive
Understanding the Android clearTextTrafficPermitted Flag
Introduction: The cleartextTrafficPermitted flag is one of the options in Android’s Network Secur...
2020-06-15 23:58:11 | Views: 21
appsec-labs.com
network
workshttp
security
library
okhttp
Angular Template Injection without Quote Characters
16/03/2020 / in General, Hacking, Vulnerabilities / Introduction: When y...
2020-03-16 16:53:29 | Views: 26
appsec-labs.com
angular
payload
appsec
injection
Frida CheatSheet for Android
Printing all the loaded classes: Java.perform(function(){Java.enumerateLoadedClasses({"onMatch":fun...
2017-07-26 04:17:07 | Views: 25
appsec-labs.com
mymethod1
appseclabs
appname
onmatch
Brute Force Prevention
Following the first part of the article, which explained the brute-force attack and its different te...
2017-05-08 16:20:09 | Views: 18
appsec-labs.com
captcha
locking
telephone
security