CRLF is the acronym used to refer to Carriage Return (\r) Line Feed (\n). As one might notice from the symbols in the brackets, “Carriage Return” refers to the end of a line, and “Line Feed” refers to the start of a new line. Hence, CR and LF together are used to denote the ending point of a line. When a user requests content on a website, the server returns the website content along with the HTTP headers. The headers and the content are separated by a defined combination of CR and LF. It is because of CRLF that a server knows where a header begins or ends. A Carriage Return Line Feed (CRLF) Injection vulnerability is a type of Server Side Injection which occurs when an attacker inserts the CRLF characters in an input field to deceive the server by making it think that an object has terminated and a new one has begun. This happens when the web application doesn’t sanitize user input for CRLF characters. It has a medium severity rating (P3 according to Bugcrowd’s VRT)....
In this article, we will discuss one of the most commonly seen vulnerabilities in web-based applications: Reflected XSS....
In this article, we will look in depth at one of the types of Cross-Site Scripting, i.e. DOM-based XSS. Let’s discuss it step by step as follows....
In this article, we are going to learn in detail about one more attack vector, which is very important to understand in this world of so many Web and Mobile Apps....
Blind XSS is quite similar to a stored Cross-Site Scripting attack, where the input provided by the attacker is saved or stored by the web server and this stored input is reflected in various other applications which are linked with each other. It only triggers when the attacker’s input is stored by the web server in a database and executed as a malicious script in another part of the application or in another application....
In this series of articles, we will cover the details of the Facebook API in depth. We will learn what setup we need to use the API and how to get everything going for the API to work. So, let’s skip the introduction and jump to the details of the API....
Social media websites were initially designed to confine the user experience within the four walls of their web page. However, to increase their user base and to expand beyond desktop-only websites, these social networks started developing APIs....
After so much discussion about API Keys and OAuth Credentials, in this article we will focus on which one is better from a security and privacy point of view. But before proceeding further, let’s first recall what Authentication and Authorization mean....
In this article, we will understand one of the types of Cross-Site Scripting in-depth, i.e. Stored XSS....
A keylogger is a program that is designed to record any input entered by the user from the keyboard. It is also used in organizations to troubleshoot some technology-related problems. Keyloggers are also used by families to monitor the activities of a user without the user’s direct knowledge....