Authentication is one of the most crucial aspects of an application's security. If an attacker can bypass the implemented authentication by any means, it becomes possible to perform privileged actions, enumerate sensitive information and cause chaos, resulting in technical, business and reputational impact.

Most modern applications allow their users to register or enrol through multiple methods, such as registration via email, registration via social logins and others. Login via OAuth 2.0, SAML and similar protocol-based authentication is usually considered secure. …


Career options such as Cyber Security, Ethical Hacking, Application Security, Penetration Testing and Bug Bounties are booming and becoming popular among teenagers, students and experienced professionals globally. The reasons for this popularity are surely the growing community, the increase in attacks, and the need for skilled professionals.

However, this domain can be confusing for a beginner, and it may look like an ocean: Where should I start? What should I learn first? Damn, there’s a lot to learn and it will take years for me to get into the game; is there any shortcut, or shall I…


Cookies are a widely used way to implement authentication in many applications. Over time, Cookie-Based Authentication has shown many security implications, and new methods such as token-based authentication have entered the picture. Although many modern applications are adopting Token-Based Authentication, Cookie-Based Authentication is still alive and can be observed in the wild. From my pentesting experience, I’ve observed that 6 out of 10 applications still utilize cookie-based authentication.

Before reading this article, it is essential to understand cookies and how they work. You can read about them here.

In this article, we…


Web applications are a common part of any organization’s infrastructure and are often exposed publicly, accessible to the whole world. Because of this, an attacker usually considers attacking web applications in order to gain an initial foothold into the organization’s network. From my personal experience as a Pentester & Bug Bounty Hunter, you will see Web Applications everywhere, and most organizations want their exposed infrastructure to be secure & robust. Hence, Web Application Penetration Testing is one of the core skills when it comes to Pentesting & Bug Bounty.

I recently attempted eLearnSecurity’s eLearnSecurity Web application…


Reconnaissance (aka Recon) is an essential process in pentesting, especially Black Box Pentesting, where you don’t have specifics about your target. Before starting to hit your target, it is important to gather as much information as possible about it in order to map your Attack Surface. An “Attack Surface” is a fancy term for the “Viable Attack Points” of your target.

Recon comes in handy when gathering information about your target. Some people may consider recon as something to automate in order to find vulnerabilities. …


Multi-Factor Authentication (MFA), often known as Two-Factor Authentication (2FA), is an additional layer of protection added to an application in order to enhance the overall security of the user’s account.

Multi-Factor Authentication Workflow

  1. The user navigates to the Application’s Login Function and provides login credentials.
  2. The application then invokes a 2FA request, asking the user to verify their identity a second time, using a factor other than the password.
  3. The user has access to their 2FA device, say a Third-Party Application (TPA) such as Authy or Google Authenticator.
  4. The User takes the 2FA code and provides it…


The Penetration Testing domain has grown exponentially in the last couple of years, and so has the competition. Validating and proving your skills in a short interview call isn’t always a win-win situation for both the employee and the employer, and this is where various security certifications come into the picture. Well-known security certifications give the organization confidence about the person they are hiring, as that person has validated their skills through the certification exam.

eLearnSecurity offers a certification called eLearnSecurity Certified Professional Penetration Tester (eCPPT) v2, which is a real-life, practical scenario-based examination. I recently took this certification and obtained it…


Arbitrary URL Redirection, popularly known as Open Redirection, is a common web vulnerability that allows an attacker to redirect a victim user to an attacker-controlled domain. This attack can be leveraged to steal sensitive information such as tokens, perform social engineering, and carry out other attacks.

The Arbitrary URL Redirection Attack mostly happens at an endpoint where the application accepts a user-supplied URL and redirects to it when the vulnerable function executes. Some common parameters are ?return=, ?returnURI=, ?forwardedTo=, ?redirect=, ?redirectURI=, ?url=, ?forward= and any other parameter that appears to load or redirect the user to another endpoint.

If…


Insecure Direct Object Reference (IDOR) falls under the category of Broken Access Control as per the OWASP Top 10 (2017 edition). This issue usually occurs due to a weak implementation of the application’s access control logic, which links an identifier or object to a particular asset; say, a user_id parameter defines which user’s data is to be updated. Compared to other server-side issues, IDORs are widely observed and easy to identify. However, IDORs can often be tricky, and an application that looks very robust might also have them.

Hi fellow hackers and bounty hunters, I hope you all are doing well. After…


Amazon S3 (Simple Storage Service) is one of the most popular and widely used storage services. Many companies use S3 buckets to store assets such as user profile pictures, static resources, and anything else their business logic requires. However, if the buckets are not configured properly, or are unclaimed, an attacker may be able to perform mischievous actions such as S3 Bucket Takeover or S3 Content Takeover.

Hi Fellow Hackers & Enthusiasts, in this article I will be talking about one of my recent encounters, where a misconfigured S3 Bucket allowed me to perform any of the CRUD…

Harsh Bothra

Security Engineer | Bugcrowd Top 150 & MVP| Synack Red Teamer | Cobalt Core Pentester | Bug Hunter | Author | Speaker | Learner | Poet | Twitter — @harshbothra_
