Abhinav – WindowsTechs.com

Is sql injection possible here ? or I can consider this as safe? [closed]

Posted on September 27, 2023 by Abhinav

This is my code in phpm I was wondering if there is a way to bypass sql protection, because everything is already blocked.
Is this secure?
$max = 10;

if (isset($_GET[‘max’]) && !is_array($_GET[‘max’]) && $_GET[‘max’]>0)… Continue reading Is sql injection possible here ? or I can consider this as safe? [closed]→

Preventing Signup API abuse from botnet

Posted on September 16, 2022 by Abhinav

I am working on an e-commerce website, wherein make use of mobile OTP authentication for new signups. We have a fair bit of protection against bots and malicious actors by using aggressive rate limiting and firewalls to protect our APIs an… Continue reading Preventing Signup API abuse from botnet→

Preventing Signup API abuse from botnet

Posted on September 16, 2022 by Abhinav

Employee uploaded proprietary private repository on his github public account

Posted on April 13, 2022 by Abhinav

A newly joined software engineer in our organization uploaded one of company’s proprietary git repository on his personal Github public account, likely without nefarious intent.
How do I ensure this won’t happen again in future? Apart from… Continue reading Employee uploaded proprietary private repository on his github public account→

Authorization Header in dev tools

Posted on July 14, 2020 by Abhinav

My web application need to make call to 3rd party REST API which is protected by Basic authentication on some user click. We are planning to use a technical user for the call.
This will expose the Authorization header in network call in br… Continue reading Authorization Header in dev tools→

OAuth – How does the Resource Server validate the access token is not for any other Resource Server?

Posted on June 21, 2018 by Abhinav

Let’s take an example where there are two resource servers – RS1 and RS2 and there is one authorization server – AS.

Both resource servers – RS1 and RS2 use authorization server – AS

If a client requests an access token for… Continue reading OAuth – How does the Resource Server validate the access token is not for any other Resource Server?→

Need of scope in OAuth Client Credentials Flow

Posted on June 14, 2018 by Abhinav

For me, Client Credential flow is like client is asking access token for itself – not on behalf of some user.

Then, why would client like to limit its own scope? What is the benefit of scopes in client credential flow?

… Continue reading Need of scope in OAuth Client Credentials Flow→

Is Open Port 25 on Web Server dangerous?

Posted on July 17, 2017 by Abhinav

Port 25 of a web server is open. We dont have any email server, since we use google mail server, but still port 25 is open. Is it dangerous to keep it open?

If it can be attacked then how it can be attacked?

Continue reading Is Open Port 25 on Web Server dangerous?→

Does netdiscover spoofs ip address?

Posted on May 13, 2017 by Abhinav

I am trying to discover hosts in my network. So I have connected external TPLINK wireless card to my virtual computer for internet and when I do ifconfig, it gives me IP address, 192.168.2.6

I used netdiscover and works perf… Continue reading Does netdiscover spoofs ip address?→

wireless security – Authentication and Association

Posted on May 3, 2017 by Abhinav

I am trying to learn wireless security a bit more technically but resources out there on the net are so confusing. Here is my understanding.

There are two types of Authentication:

1) Open System Authentication

2) Shared Key Authenticat… Continue reading wireless security – Authentication and Association→