CORS is a browser mechanism which enables access to resources that reside outside of a given domain. If it is poorly configured, it could lead to cross-domain attacks. To better understand CORS,...

XML External Entity (XXE) XXE is a vulnerability that can occur when the application processes XML data. When present, it may allow an attacker to view files from the app server or even interact...

Race Conditions When a website has to handle concurrent requests at the same time, they use different threads so they can execute them in parallel. These threads interact with the same database ...

Single-packet attack A single-packet attack is a methodology used to exploit race conditions. A race condition vulnerability is a flaw in a system that arises when multiple processes access and m...

Path Traversal When it comes to the structure of web pages, they are often organized into directories. Typically, elements such as scripts, images, CSS files, and HTML files are stored in a hierar...

Authentication vs Authorization Authentication is the process of verifying the identity of a user or client using authentication mechanisms (something you know, have, or are). On the other hand,...

Advanced Security Information Model Schemas (ASIM) Microsoft Sentinel, the SIEM solution that Microsoft Azure offers, ingest data from many sources, like firewalls, domain controlers, device log...

What is a SQL injection (SQLi) and how does it work? Web applications store the information in databases. You can imagine a database as a table with named columns where data is stored inside. When...

Machine Translation In this post we will learn how machines can translate text into different languages. Imagine that we have all words in english represented as vectors and all words in french r...

Vector Space Models Vector spaces models are algebraic models that can help us to better represent text. With vector space we can: Extract information and detect two senteces that are writte...