10 Reasons Wordpress Sites Get Hacked and How to Avoid Them

WordPress, the most popular CMS platform among business owners, and hackers' most favorite platform to mess up. Therefore, it is recommended to choose a reputable hosting provider that offers premium security to keep your site safe from getting hacked. There have been a lot of data breaches in recent times. Beyond the big names, even small business owners lost their value. Security breaches, unfortunately, are quite real.

Feature/Permission Policies Overview

It's already challenging enough to create a website that is blazing fast, adheres to all the latest best practices and offers optimal experience for various network conditions and device types. As the website and its codebase evolves over time, it can become even harder to maintain the desired user experience over time. To prevent UX deterioration, it’s often a good idea to place guardrails which ensure that crucial website elements, such as images, hold to a certain criteria. In this article, we are going to look at a robust mechanism which helps to steer your website in the right direction - an HTTP header called Feature Policies.

The Benefits of SSL Certificates on SEO & Organic Traffic

Google takes over 200 various factors for determining the website rankings in a SERP. One of the key and crucial factors is website security. If you want your website to be displayed higher in SERPs, then you must give due importance to the online security of users who’ll be visiting your site.

Accessing the website directly through its IP address, a case

You may have heard the expression: hiding in plain sight. And specifically in IT security there is another expression: security through obscurity. This article will be my experience with a bug where one could argue that it was the case of security through obscurity, but it could have been a coincidence. This will be a story of me stumbling onto sql injection (a simple login bypass which logged me into admin panel), but not in a usual way.

Upload to the future

A bit of an odd title, eh? Either way, this article will be about a very peculiar bug that I discovered somewhat recently, where it was possible to overwrite user’s/victim’s profile images.

Cache Poisoning with XSS, a peculiar case

You have heard of the cache poisoning, a bug that had existed for far longer than most of people have been aware, as in many other cases of…

Refocusing in bug hunting, Bonus: An interestingly simple to test CSRF bypass

Use the source… of a html page It happens that from time to time you get stuck during bug hunting. You visit the website that is in scope, and you look around it, you check what burp proxy history logs, and there’s nothing there. That is, nothing obvious. And, at times, you may stop there. Especially if you’re early on your journey like I was some time ago.

False2True, Match and Replace bug hunting 

False positives are a bane of… well, everything. Scientists have to deal with it, and so do pentesters and bug bounty hunters.