Finding a Subdomain Takeover via CNAME Misconfiguration
Introduction: During reconnaissance, I discovered a subdomain takeover vulnerability caused by a misconfigured DNS record pointing to an inactive third-party service. This misconfiguration made it possible for an attacker to claim the resource and host malicious content under the organization’s domain. A subdomain takeover vulnerability occurs when a subdomain points to an unclaimed external service. Learn how it […]
File Upload Vulnerability
Introduction: File upload functionality. One of the most prevalent features in contemporary web apps is file upload functionality, which is also one of the riskiest when not used properly. I found a high-impact vulnerability during a recent security audit that started with a seemingly innocuous feature: uploading profile images. Identifying dubious redirection in order to […]
Page Object Model Explained: What It Is, How It Works, and Why Your Tests Need It
I remember the first time a UI change broke 34 tests at once. The developer had renamed one input field — just the ID, nothing visible changed for users — and my entire login suite went red. Two hours of find-and-replace later, everything was green again. A week after that, a different field changed. Another […]
Ultimate Guide to Correlation in Apache JMeter Using JSON and RegEx Extractors
If you’ve spent any time load testing APIs with JMeter, you’ve probably run into this problem: your script works perfectly on the first request, then falls apart on the second. Nine times out of ten, the culprit is a dynamic value — something like a session token or request ID that the server generates fresh […]
API Testing for Beginners: A Practical Guide with Examples and Tools
Meta Description: API Testing for Beginners is a practical guide that explains what API testing is, why it matters, common API testing types, useful tools like Postman, and how beginners can start validating APIs effectively. For anyone learning API testing for beginners, understanding how systems communicate behind the UI is essential. This article explains what […]
JAVASCRIPT EXECUTOR IN SELENIUM
INTRODUCTION: Whenever we use Selenium WebDriver, we normally interact with web elements using methods like click(), sendKeys(), findElements(), etc. Sometimes WebDriver is not able to interact with certain elements for reasons such as the element being hidden, the element being overlapped by another element, or the page having dynamic content (like popups). In such cases Selenium provides […]