Tornado is a great, easy-to-use Python web framework for developing dynamic web applications. When it comes to PoC or CTF challenge creation, Tornado is my default choice. Today we will see how Server Side Template Injection (SSTI) can be achieved in Tornado using the default template engine provided with it. […]
Archive | 2016
XSS in Instamojo Woocommerce Plugin
We are using Instamojo as a payment gateway for Indian customers. Instamojo provides a plugin that can be used with WooCommerce. To ensure our customers' safety, we used to do a code review and security analysis on the plugins we use. Our security assessment revealed that the Instamojo plugin is affected by a reflected cross site […]
OpSecX brings new Web Security Course, WebSec Ninja: Lesser Known WebAttacks
OpSecX WebSecNinja: Lesser Known WebAttacks is a brand new and unique web security course that takes the learner to the next level of web security. A perfect blend of the latest and lesser-known web attacks, explained in ultimate detail and accompanied by demos and how-tos that you can apply in real world red-team […]
Launching OpSecX | Security Education for Everyone
We are glad to announce the launch of OpSecX, an online security education platform that provides quality and affordable security education for everyone. The increasing reliance of our information-age businesses, economies and governments on computer-based infrastructure and technology makes them a target of cyber attacks. The security industry is growing, evolving and learning new things to tackle […]