Hi Friends,

I sat down to write about SQL Injection. Being the topmost finding in the OWASP Top 10, the definition and description of SQL Injection, along with many hands-on exercises, are available online, one source being the PortSwigger labs. I came across a SQL injection in Ruby on Rails code, which prompted me to share a few points about it. Let's dive into the code snippet.

Code Snippet

def update
  message = false
  # Unsafe: params[:user][:id] is interpolated directly into the SQL string, so
  # user-controlled input becomes part of the WHERE clause (the injection point).
  user = User.where("id = '#{params[:user][:id]}'")[0]
  if user
    if params[:user][:password].present? && (params[:user][:password] == params[:user][:password_confirmation])
      user.password = params[:user][:password]
      message = true if user.save!
      respond_to do |format|
        format.html { redirect_to user_account_settings_path(user_id: current_user.id) }
        format.json { render json: {msg: message…

This article is just an example of Directory Traversal with a program in the Go language. For those of you who are new to Directory Traversal, here is a short introduction.

Path Traversal (Directory Traversal) is also known as a dot-dot-slash attack. The attacker takes advantage of a file path that the software exposes and that is under user control to traverse the application's directories and read or overwrite sensitive system files.

Code snippet:

In the above code snippet, it is clear that a file is being created under the .list1/images path and that no validation is performed on the user-supplied path. …

Java and JavaScript are completely different languages, one for server-side development and the other for client-side. How great would it be if Java code could execute inside JavaScript and vice versa? Of course, the results would be awesome! Let's get straight into the concept now. Have you heard of Nashorn?

Nashorn is a high-performance JavaScript engine developed in Java. It allows the developer to execute JavaScript from Java and vice versa. After Java SE 7, Nashorn became the official JavaScript engine, and all JDKs are shipped with it. …

Basically, cross-site scripting (XSS) is the injection of malicious code into a website on the client side. This vulnerability normally allows an attacker to masquerade as a victim user, carry out any actions that the user is able to perform, and access any of the user's data.

The main focus of this article is whether XSS is possible when the Content-Type is set to JSON.

Before I go further, I want to define JSON: JavaScript Object Notation (JSON) is a simple, text-based data transfer format used to transmit data between a server and a client, an efficient transport mechanism in…

The other day, while I was on a conflict resolution call with my development team to fix security issues, two developers started comparing the speed of the products they were developing while we were discussing the application's performance-related issues. One developer said, "Our app runs fast if we cache all the session data." The other said, "It's better to use cookie-side storage to get rid of server load." This led me to do a little research on the types of session storage.

Express.js is a Node.js framework for building web applications. In Express.js, a session can…

Koumudi Garikipati

Hungry for knowledge in Security
