The UnboundCompute blog
Writing on web security
-

What is web application security?
Web application security explained for beginners: what it is, why it matters, the main risk areas like input, access control, and logic,…
-

Broken object level authorization and IDOR, with examples
Broken object level authorization and IDOR explained with a clear API example, why APIs are prone to it, how to detect it,…
-

What is privilege escalation? Examples explained
What is privilege escalation? See clear examples of horizontal and vertical attacks, how they tie to broken access control, and how to…
-

The most common web vulnerabilities, explained simply
A plain-words guide to the most common web vulnerabilities, with a tiny example for each so a newcomer can spot and…
-

SAST vs DAST vs IAST, what is the difference?
SAST vs DAST vs IAST explained plainly. See what each scanner catches, what it misses, where false positives come from, and why…
-

What is SQL injection and how does it work?
Learn what SQL injection is and how it works. See a simple login example, what an attacker can do, why it still…
-

What is XSS and how does it work? With examples
What is cross-site scripting and how does it work? Learn stored, reflected, and DOM XSS with simple examples, plus how to…
-

What is a business logic vulnerability?
A business logic vulnerability uses valid requests that break the app’s own rules. See four examples and why scanners miss every one…
-

What is an access control vulnerability? Broken access control explained
Broken access control is the number one OWASP risk. Learn what it is, see simple examples, and find out how to spot…
-

Authentication vs authorization, explained with examples
Authentication vs authorization, made clear: one proves who you are, the other decides what you can do, and confusing them breaks access…