Skip to main content

Posts

Showing posts with the label Web Security

Cookies and Sessions Explained (2026): Web Security Fundamentals for Beginners

  Introduction When you log into a website and stay logged in without entering your password again, it is not magic—it is handled by cookies and sessions. Understanding how cookies and sessions work is essential for learning web security, ethical hacking, and penetration testing. This guide explains these concepts in a simple and practical way. What are Cookies Cookies are small pieces of data stored in your browser by a website. They are used to remember user information such as login status, preferences, and tracking data. Key Features of Cookies Stored on the client (browser) Sent with every HTTP request Can store session identifiers Used for tracking and authentication What are Sessions Sessions are server-side storage mechanisms that keep track of a user’s activity. Instead of storing sensitive data in the browser, sessions store it securely on the server. Key Features of Sessions Stored on the server Identified by session ID More secure than cookies Used for authentication ma...

HTTP vs HTTPS Explained (2026): Complete Guide to Secure Web Communication

  Introduction Modern web application testing is incomplete without Burp Suite. It is one of the most widely used tools for analyzing, intercepting, and modifying HTTP requests. This Burp Suite Tutorial 2026 will guide you through its core features and how to use it in real-world cybersecurity and penetration testing. What is Burp Suite Burp Suite is a web security testing platform used by ethical hackers to identify vulnerabilities in web applications. It acts as a proxy between your browser and the target website, allowing you to inspect and manipulate traffic. Why Burp Suite is Important Intercept HTTP/HTTPS requests Modify requests and responses Test authentication systems Discover web vulnerabilities Installation Burp Suite is pre-installed in Kali Linux. For other systems, download it from the official website. Setting Up Burp Proxy Step 1: Open Burp Suite Launch the application and select “Temporary Project”. Step 2: Enable Intercept Go to Proxy → Intercept → Turn ON. Step ...

Nikto Web Scanner Tutorial 2026: Complete Guide for Web Security Testing

  Introduction Web security testing is an essential part of cybersecurity, and automated tools play a key role in identifying vulnerabilities quickly. Nikto is one of the most effective open-source tools used for scanning web servers and detecting security issues. This guide explains how to use Nikto step by step, making it ideal for beginners in penetration testing and ethical hacking. What is Nikto Nikto is an open-source web server scanner designed to detect vulnerabilities, outdated software, and misconfigurations. It performs comprehensive tests against web servers and identifies potential security risks. Nikto is widely used in penetration testing tools and vulnerability scanning processes. Why Use Nikto Detect outdated server software Identify common vulnerabilities Find misconfigurations in web servers Perform automated web security scanning Installation Install Nikto on Kali Linux: sudo apt install nikto Check version: nikto -Version Basic Nikto Commands 1. Scan a Websit...

WhatWeb Guide (2026): Identifying Website Technologies Like a Pro

  Welcome back to CyberShield! Amra ager post-e Nmap diye network scanning shikhechi. Kintu jokhon apnar target ekti website hoy, tokhon shudhu port scan korle hoy na; apnake jante hoy shei site-ti kon technology diye toiri. Ajke amra ekti powerful reconnaissance tool niye alochona korbo, jar nam holo WhatWeb . WhatWeb Ki? WhatWeb holo ekti open-source "Next-generation web scanner." Eti ekti website-er technology stack identify korte babohar kora hoy. Mane, ekti site kon CMS (Content Management System), kon web server, kon programming language, ebong kon kon plugin babohar korche, ta WhatWeb ekti command-er maddhome bole dite pare. WhatWeb Keno Babohar Korben? Passive Reconnaissance-er khetre WhatWeb khub-i guruttopurno. Eti diye niche-r jinish gulo khuje paoa jay: CMS Discovery: Site-ti ki WordPress, Joomla, naki Drupal? Web Server Information: Server-ti ki Apache, Nginx, naki Microsoft-IIS? Frameworks: Site-ti ki React, Vue.js, naki Laravel babohar korche? Plugins ...

Google Dorking Guide (2026): Using Advanced Search to Discover Hidden Information

Welcome back to CyberShield! Search engines are more powerful than most people realize. Beyond regular queries, they can reveal deeply indexed content that is not easily visible through normal browsing. In cybersecurity, this technique is known as Google Dorking . It allows researchers to uncover publicly exposed data using advanced search queries without ever directly interacting with the target's server. What is Google Dorking? Google Dorking refers to the use of advanced search operators to locate specific types of information within search engine indexes. Instead of performing simple keyword searches, users apply structured queries to filter results and uncover hidden or sensitive data that was never meant to be public. Why It Matters in Security Testing For penetration testers and bug bounty hunters, this technique is a vital part of passive reconnaissance . It helps to: Identify exposed files and directories: Finding folders that should be private. Discover forgotten or unl...

HTTP Security Headers: The Invisible Shield for Your Website (2026 Guide)

  Welcome to the 19th part of our Cybersecurity series! We have learned about many active attacks like XSS, CSRF, and SSRF. But did you know that you can prevent many of these attacks just by adding a few lines of configuration to your server? Today, we are talking about HTTP Security Headers . What are HTTP Security Headers? When you visit a website, the server sends a response. Along with the content (HTML), it sends "Headers"—hidden instructions for the browser. Security Headers tell the browser how to behave securely, preventing hackers from exploiting common web flaws. Top 5 Security Headers Every Site Needs To get an "A+" grade in security audits, you must implement these headers: 1. Content Security Policy (CSP) This is the most powerful header. It tells the browser which sources of scripts, images, and styles are trusted. Prevents: Cross-Site Scripting (XSS). Example: Content-Security-Policy: default-src 'self'; (Only allow content from the same...

Burp Suite for Beginners: The Ultimate Tool for Web Hacking (2026 Guide)

  Welcome to the 17th part of our Cybersecurity series! We have discussed many vulnerabilities like SQLi, XSS, and SSRF. But to find these bugs in the real world like a professional, you need to master one specific tool: Burp Suite . What is Burp Suite? Burp Suite is an integrated platform for performing security testing of web applications. It acts as an Interception Proxy between your browser and the target web server. This allows you to pause, inspect, and modify the data (HTTP requests) before it reaches the server. Key Components of Burp Suite To be a successful Bug Bounty hunter, you must understand these core tabs: Proxy: The heart of Burp. It lets you intercept and modify requests and responses. Repeater: Allows you to send a single HTTP request repeatedly with manual modifications to test how the server reacts. Intruder: Used for automated attacks like brute-forcing passwords or fuzzing for hidden directories. Decoder: A handy tool to quickly encode or decode data (B...

Broken Access Control: Exploiting Insecure APIs (2026 Guide)

  Welcome back to our Cybersecurity series! In our 4th post, we discussed the basics of IDOR. Today, for our 15th post, we are leveling up to explore a more sophisticated side of Broken Access Control: Insecure API Exploitation . As modern web applications move towards a "Mobile-First" or "Single Page Application (SPA)" architecture, APIs (Application Programming Interfaces) have become the primary target for hackers. What is an Insecure API? An API is a bridge that allows different software components to communicate. If this bridge doesn't have a security guard (Authorization), an attacker can send malicious requests to the API and trick the server into leaking sensitive data or performing unauthorized actions. Common API Vulnerabilities BOLA (Broken Object Level Authorization): Similar to IDOR, but specifically targeting API endpoints like /api/v1/users/123 . BFLA (Broken Function Level Authorization): When a regular user can access administrative API functi...

Security Misconfiguration: The Silent Risk Behind Most Web Breaches (2026 Guide)

Introduction In modern web and cloud environments, not every security issue comes from complex exploits. In fact, many real-world breaches happen due to simple configuration mistakes. This is known as Security Misconfiguration — a silent but extremely dangerous vulnerability. What is Security Misconfiguration? Security Misconfiguration occurs when a system, server, application, or cloud service is not properly configured in a secure way. Even if the application code is secure, incorrect settings can expose sensitive data or even full system access. Why Does It Happen? Security misconfiguration usually occurs due to: Default Settings Left Unchanged Using default credentials like: admin/admin root/root Unused Services Still Active Exposed endpoints such as: /admin /debug unused ports or APIs Verbose Error Output Technical errors revealing: file paths database structure system information Missing Security Headers Lack of protections like: HSTS Content Security Policy (CSP) Cloud Storage M...

Information Disclosure Explained: How Websites Accidentally Expose Sensitive Data (2026 Guide)

  Introduction While testing web applications, not every vulnerability immediately leads to exploitation. However, small leaks of information can be just as dangerous. This is where Information Disclosure comes into play. It is one of the most common issues in modern web applications and often serves as the starting point for more serious attacks. What is Information Disclosure? Information Disclosure occurs when a web application unintentionally exposes sensitive or internal data to users. Although this data may not directly compromise the system, it provides valuable insights that attackers can use to plan further attacks. Types of Sensitive Information Exposed Web applications may leak different kinds of useful data: Server and Software Details Version numbers of servers or frameworks (e.g., Apache, PHP) that may have known vulnerabilities. Sensitive Files Files such as: Configuration files (.env, web.config) Backup files (.bak, .old) Source control directories (.git) Detailed E...

Directory Traversal Explained: Accessing Sensitive Server Files (2026 Beginner Guide)

  Introduction In web security testing, even simple mistakes can lead to serious vulnerabilities. One such issue is Directory Traversal, also known as Path Traversal. This vulnerability allows attackers to break out of restricted directories and access sensitive files stored on the server. What is Directory Traversal? Directory Traversal is a vulnerability where user-controlled input is used to access files without proper validation. As a result, attackers can read files that should never be exposed, such as system configurations, application code, or user data. Understanding the Concept Many web applications load files dynamically. For example: https://example.com/view-image?filename=robot.png The server may internally look for the file like this: /var/www/images/robot.png If input validation is weak, an attacker can manipulate the request: ../../../../etc/passwd Each "../" moves one directory up. By chaining multiple traversals, the attacker can escape the intended folder a...

Brute Force Attack: Mastering Password Cracking with Hydra (2026 Guide)

Introduction In this part of the cybersecurity series, we explore one of the oldest yet highly effective attack techniques: the Brute Force Attack. We will also learn about a powerful tool called Hydra, widely used by penetration testers to identify weak authentication systems. What is a Brute Force Attack? A Brute Force Attack is a trial-and-error method used to guess login credentials by trying many password combinations. It works by systematically testing passwords from a predefined list (wordlist) until the correct one is found. What is Hydra? Hydra (THC-Hydra) is a fast and flexible password cracking tool used for testing login security. It supports multiple protocols, including: SSH FTP HTTP Telnet MySQL SMTP Security professionals use Hydra to test for weak passwords in controlled environments. Hands-on Lab: SSH Brute Force with Hydra Requirements Target IP address Username or username list Password wordlist (e.g., rockyou.txt in Kali Linux) Command Example hydra -l user -P /usr...

Server-Side Request Forgery (SSRF): A Comprehensive Guide for Beginners (2026)

Introduction In this part of the cybersecurity series, we explore one of the most critical web vulnerabilities: Server-Side Request Forgery (SSRF). With the rise of cloud platforms such as AWS, Azure, and Google Cloud, SSRF has become a high-impact vulnerability frequently targeted in bug bounty programs. What is SSRF? Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to force a server to make requests to unintended locations. In simple terms, the attacker uses the server as a proxy to access internal or restricted resources. How SSRF Works Many applications fetch data from external URLs. For example: fetch("https://trusted-site.com/data.json") If user input is not properly validated, an attacker can modify the request: fetch("http://127.0.0.1/admin") or: fetch("http://192.168.1.1/config") Because the request originates from the server, internal systems may trust it and return sensitive data. Types of SSRF Basic (In-band) SSRF T...

File Inclusion Vulnerabilities: Understanding LFI and RFI for Beginners (2026 Guide)

Introduction In this part of the cybersecurity series, we will explore a critical web vulnerability known as File Inclusion . File Inclusion occurs when a web application allows users to control which files are loaded or executed on the server without proper validation. This vulnerability can lead to sensitive data exposure or even full server compromise. What is File Inclusion? File Inclusion is a vulnerability where an application includes files based on user input without proper validation or restrictions. There are two main types of File Inclusion vulnerabilities: Local File Inclusion (LFI) Remote File Inclusion (RFI) 1. Local File Inclusion (LFI) LFI allows an attacker to access and sometimes execute files that are stored on the local server. How LFI Works Consider a website that loads pages using a parameter: https://example.com/view.php?page=contact.php If the application is vulnerable, an attacker can manipulate the parameter: https://example.com/view.php?page=../../../../etc/p...

Command Injection for Beginners: How to Execute OS Commands via Web Applications (2026 Guide)

🔐 Introduction After learning common web vulnerabilities like XSS and CSRF , it is important to understand more critical attacks such as Command Injection (OS Command Injection) . This vulnerability allows an attacker to execute operating system commands directly on the server , which can lead to full system compromise. 💡 What is Command Injection? Command Injection occurs when a web application takes unsafe user input and passes it directly to a system shell or OS command execution function. 👉 If input is not properly validated, attackers can inject malicious system commands. 🧠 How Command Injection Works Imagine a website has a “ping test” feature to check server connectivity. Backend logic example: system("ping -c 4 " + user_input); Normal Input: 8.8.8.8 Result: ping -c 4 8.8.8.8 Malicious Input: 8.8.8.8; whoami Result: ping -c 4 8.8.8.8; whoami 👉 The server executes both commands, exposing system-level information. ⚠️ Common Command Injection Operators Attackers use...

Broken Access Control: Understanding IDOR for Beginners (2026 Guide)

Introduction After learning vulnerabilities like SQL Injection and XSS, the next important concept in web security is Broken Access Control, specifically IDOR (Insecure Direct Object Reference). According to the OWASP Top 10, Broken Access Control is one of the most critical security risks in modern web applications. What is IDOR? IDOR (Insecure Direct Object Reference) happens when a web application uses user-supplied input to directly access objects without proper authorization checks. In simple terms, the application allows access to data by changing an ID without verifying whether the user has permission. Simple Real-World Example Your profile URL might look like: https://example.com/my-account?id=1005 If you change it to: https://example.com/my-account?id=1006 and you can view another user’s private data, then the application is vulnerable to IDOR. Why IDOR is Dangerous Data Exposure Attackers can access sensitive information such as emails, phone numbers, and addresses. Unauthori...

Cross-Site Scripting (XSS) for Beginners: Mastering Web Security (2026 Guide)

Introduction After learning SQL Injection, the next most important vulnerability every aspiring ethical hacker must understand is Cross-Site Scripting (XSS). XSS is one of the most common web vulnerabilities and plays a major role in bug bounty programs and penetration testing. What is Cross-Site Scripting (XSS)? Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject malicious scripts into trusted websites. These scripts are executed in the victim’s browser, allowing attackers to manipulate user interactions, steal sensitive data, or hijack sessions. How Does XSS Work? Unlike SQL Injection, which targets the database, XSS targets users interacting with a web application. If a website does not properly sanitize user input, an attacker can inject JavaScript like: <script>alert('Hacked!');</script> When another user visits the affected page, the script executes in their browser. Types of XSS 1. Stored XSS (Persistent) In this type, m...

SQL Injection (SQLi) for Beginners: A Step-by-Step Guide to Your First Hack

  What is SQL Injection (SQLi)? SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data they are not normally able to retrieve. How Does it Work? (The Logic) Imagine a login form where you enter your username. The database query looks like this: SELECT * FROM users WHERE username = 'YOUR_NAME' AND password = 'YOUR_PASSWORD' If the website is vulnerable, an attacker can enter ' OR 1=1 -- in the username field. The query becomes: SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = '...' Since 1=1 is always true, the database grants access without a valid password! Types of SQL Injection In-band SQLi (Classic): The attacker uses the same communication channel to launch the attack and gather results. Error-based: Forcing the database to produce an error message. Union-based: Using the UNION SQL operat...