UNION-Based SQL Injection: Attack Vectors and Defense in Depth

From a penetration tester’s perspective, SQL Injection (SQLi) remains one of the most critical attack vectors against web applications. Among these, “UNION-based SQL injection”—which exploits the UNION operator—is a powerful technique that allows attackers to directly extract arbitrary information from within the database. In this article, we’ll explain how attackers subvert the specification of UNION to compromise systems, and discuss robust countermeasures against it from a design level.

The Basics of UNION and Attack Prerequisites

Fundamentally, the UNION operator is used to combine the results of two or more SELECT statements into a single result set. For example, it is used when you want to list both customer and employee data together. ...

March 8, 2026 · 4 min · 752 words · 0xuki

XML CDATA Complete Guide: How to Handle Special Characters in XML

Master XML CDATA sections with practical examples. Learn when to use CDATA vs escaping, security best practices, and real-world applications for JavaScript, CSS, and HTML embedding.

Understanding XML CDATA: Essential Guide to Handling Special Characters

What is CDATA and Why It Matters

CDATA (Character Data) creates safe zones in XML where special characters like <, >, and & can appear without escaping. It tells XML parsers: “Don’t interpret this text as markup!” ...

December 31, 2025 · 2 min · 424 words · 0xuki

Understanding Preflight OPTIONS Requests: The CORS Gatekeeper

Browsers enforce the same-origin policy to prevent malicious cross-site requests. Preflight acts as a “handshake” before sensitive requests, asking: “Server, are you cool with this?”

🔥 Triggers for Preflight:
- Non-simple HTTP methods (PUT, DELETE, PATCH)
- Custom headers (e.g., X-API-Token)
- “Advanced” Content-Types (e.g., application/json)
- Credentialed requests (with cookies/auth)

✅ Simple requests (GET/POST with basic headers) skip preflight!

🔁 How Preflight Works: A 2-Step Dance

    sequenceDiagram
        Browser->>Server: OPTIONS Request (Preflight)
        Note left of Browser: Headers sent:<br>📍 Origin<br>📍 Access-Control-Request-Method<br>📍 Access-Control-Request-Headers
        alt Server Allows
            Server-->>Browser: 200 OK + CORS Headers
            Note right of Server: Headers returned:<br>✅ Access-Control-Allow-Origin<br>✅ Access-Control-Allow-Methods<br>✅ Access-Control-Allow-Headers
            Browser->>Server: Actual Request (e.g., DELETE)
        else Server Denies
            Server-->>Browser: CORS Error Blocked!
        end

⚙️ Server-Side Setup Essentials

Handle OPTIONS requests correctly: ...

October 21, 2025 · 2 min · 309 words · 0xuki

SQL Injection Attacks: Complete Guide to Prevention and Defense

SQL injection remains one of the most dangerous web application vulnerabilities, responsible for 33% of all web breaches in 2023. This comprehensive guide explains how these attacks work, their real-world impact, and effective defense strategies for developers and security professionals.

1. Understanding SQL Injection Attacks

1.1 What is SQL Injection?

SQL injection occurs when attackers exploit improper input sanitization to inject malicious SQL code into database queries. This vulnerability allows attackers to: ...

September 7, 2025 · 4 min · 710 words · 0xuki