Learnitweb

Category: Java security

  • Checksum and How It Works

    Data integrity is one of the most critical aspects of computer systems, networking, and storage. Whenever data is transmitted or stored, there’s always a possibility that it might get corrupted due to noise, interference, or hardware failure. To detect such errors, a mechanism known as a checksum is used. This tutorial explains what a checksum is,…

  • Bcrypt: A Tutorial for Secure Password Hashing

    1. Introduction In the world of web applications, password security is paramount. Storing user passwords directly in a database is an absolute no-go. If your database is ever compromised, those passwords become immediately available to attackers, leading to widespread account takeovers. This is where password hashing comes in, and among the strongest and most widely…

  • What is SHA-256?

    SHA-256 stands for Secure Hash Algorithm 256-bit. It is part of the SHA-2 family developed by the National Security Agency (NSA) and published by NIST (National Institute of Standards and Technology) in 2001. SHA-256: How SHA-256 Works – Conceptually SHA-256 takes an input (of any size) and processes it in the following steps: 1. Padding…

  • What is the difference between Encoding, Encryption and Hashing?

    1. Overview The terms encryption and encoding are often mistakenly used interchangeably, and hashing is sometimes misrepresented as a form of encryption. These misconceptions can lead to significant errors in implementing security measures. To address this, let’s delve into a high-level overview of these concepts and clarify their distinct purposes and differences. Understanding the differences…

  • A10:2021 – Server-Side Request Forgery

    1. Overview Server-Side Request Forgery (SSRF) is a vulnerability where an attacker manipulates a server to make unauthorized requests to other servers, internal networks, or external systems. This vulnerability occurs when an application accepts user input to fetch a resource without properly validating or sanitizing the input. 2. Description SSRF flaws occur whenever a web…

  • A09:2021 – Security Logging and Monitoring Failures

    1. Overview Security Logging and Monitoring Failures occur when applications and systems do not log security-relevant events or fail to monitor them effectively. This weakness can delay or prevent the detection of attacks, allowing attackers to exploit vulnerabilities, steal sensitive data, or disrupt systems without being noticed. 2. Description This category is to help detect,…

  • A08:2021 – Software and Data Integrity Failures

    1. Overview Software and Data Integrity Failures occur when applications fail to verify the integrity of software updates, critical data, or code libraries. This category highlights vulnerabilities introduced by using untrusted sources or insufficient mechanisms to ensure that data or software has not been tampered with. Such failures can lead to supply chain attacks, data…

  • A05:2021 – Security Misconfiguration

    1. Overview Security Misconfiguration refers to improperly configured systems, services, or applications that leave systems vulnerable to attacks. It is one of the most common and often overlooked vulnerabilities in application security. Misconfigurations can occur at any layer of the application stack, including network, web server, database, API, or application frameworks. These errors are typically…

  • A04:2021 – Insecure Design

    1. Overview A new category for 2021 focuses on risks related to design and architectural flaws, with a call for more use of threat modeling, secure design patterns, and reference architectures. As a community we need to move beyond “shift-left” in the coding space to pre-code activities that are critical for the principles of Secure…

  • A03:2021 – Injection

    1. Overview Injection vulnerabilities occur when an attacker sends malicious input into an application, causing it to execute unintended commands or access unauthorized data. This type of vulnerability is one of the most severe and prevalent in web applications and other software systems. Injection attacks exploit the application’s failure to properly validate or sanitize user…