Bug hunting is the process of finding bugs in software or hardware. As people in the security domain, we use this term to describe the process of finding security-critical software bugs. Security-critical bugs are also called software security vulnerabilities. These vulnerabilities might allow an attacker to remotely compromise systems, escalate local privileges, cross privilege boundaries, or otherwise wreak havoc on a system.
In the previous post, I started to recap the notorious web application attack, SQL Injection. And I plan to go deeper by examining its types and exploitation techniques. So, today, one of the techniques is on the menu: Error-Based SQL injection. OK, fasten your seat belts.
SQL Injection, my good old friend… It has been a while since I last talked about it. And in those times it opened many doors for me while performing penetration tests. When we started HackerSpot, all the team members agreed to share new articles and provide a new perspective on the major security problems. And we do. However, I think it might be better to start with a basic web attack. And what I have experienced recently was also a factor that pushed me to write this article. I cannot believe that I am still able to detect SQL injections in enterprise applications.
HTTP security headers are security mechanisms that you can use to protect your web application. Those headers provide extra protection layers. This is a fundamental part of web application security. You can easily configure your web application to send the required security headers. After the implementation, these security headers protect your application against attacks such as XSS, code injection, clickjacking, etc.