{"id":4622,"date":"2021-11-24T08:41:22","date_gmt":"2021-11-24T08:41:22","guid":{"rendered":"https:\/\/techpearl.io\/?p=4622"},"modified":"2024-02-14T13:13:22","modified_gmt":"2024-02-14T13:13:22","slug":"penetration-testing-of-web-application-observations-and-fixes","status":"publish","type":"post","link":"https:\/\/techpearl.com\/1719395789229\/penetration-testing-of-web-application-observations-and-fixes\/","title":{"rendered":"Penetration Testing For Web Application &#8211; Observations And Fixes"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"4622\" class=\"elementor elementor-4622\" data-elementor-settings=\"[]\">\n\t\t\t\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"has_ma_el_bg_slider elementor-section elementor-top-section elementor-element elementor-element-0eb2448 elementor-section-boxed elementor-section-height-default elementor-section-height-default jltma-glass-effect-no\" data-id=\"0eb2448\" data-element_type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ma_el_bg_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f96a888 jltma-glass-effect-no\" data-id=\"f96a888\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d92c223 jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"d92c223\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Penetration Testing of a Web Application - Vulnerabilities and Fixes<\/h1>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-475e36b elementor-align-left 
jltma-glass-effect-no elementor-widget elementor-widget-post-info\" data-id=\"475e36b\" data-element_type=\"widget\" data-widget_type=\"post-info.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<ul class=\"elementor-inline-items elementor-icon-list-items elementor-post-info\">\n\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-32351d2 elementor-inline-item\" itemprop=\"author\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-author\">\n\t\t\t\t\t\t\t\t\t\tSandeep Shetty\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3ec04aa bdt-ss-btns-view-icon bdt-ss-btns-shape-rounded bdt-ss-btns-align-left bdt-ep-grid-0 bdt-ss-btns-style-flat bdt-ss-btns-color-original jltma-glass-effect-no elementor-widget elementor-widget-bdt-social-share\" data-id=\"3ec04aa\" data-element_type=\"widget\" data-widget_type=\"bdt-social-share.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"bdt-social-share bdt-ep-grid\">\n\t\t\t\t\t\t\t<div class=\"bdt-social-share-item bdt-ep-grid-item\">\n\t\t\t\t\t<div class=\"bdt-ss-btn bdt-ss-linkedin\" data-social=\"linkedin\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"bdt-ss-icon\">\n\t\t\t\t\t\t\t\t<i class=\"ep-linkedin\"><\/i>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"bdt-social-share-item bdt-ep-grid-item\">\n\t\t\t\t\t<div class=\"bdt-ss-btn bdt-ss-twitter\" data-social=\"twitter\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"bdt-ss-icon\">\n\t\t\t\t\t\t\t\t<i class=\"ep-twitter\"><\/i>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"bdt-social-share-item bdt-ep-grid-item\">\n\t\t\t\t\t<div class=\"bdt-ss-btn bdt-ss-facebook\" 
data-social=\"facebook\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"bdt-ss-icon\">\n\t\t\t\t\t\t\t\t<i class=\"ep-facebook\"><\/i>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\n\t\t\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_ma_el_bg_slider elementor-section elementor-top-section elementor-element elementor-element-6b2ee70 elementor-section-boxed elementor-section-height-default elementor-section-height-default jltma-glass-effect-no\" data-id=\"6b2ee70\" data-element_type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ma_el_bg_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-da96364 jltma-glass-effect-no\" data-id=\"da96364\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-58f9b5d jltma-glass-effect-no elementor-widget elementor-widget-theme-post-featured-image elementor-widget-image\" data-id=\"58f9b5d\" data-element_type=\"widget\" data-widget_type=\"theme-post-featured-image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"2240\" height=\"1260\" src=\"https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-Testing-For-Web-Application-\u2013-Observations-And-Fixes-2.jpg\" class=\"attachment-full size-full\" alt=\"Penetration Testing For Web Application \u2013 Observations And Fixes 2\" srcset=\"https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-Testing-For-Web-Application-\u2013-Observations-And-Fixes-2.jpg 2240w, 
https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-Testing-For-Web-Application-\u2013-Observations-And-Fixes-2-300x169.jpg 300w, https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-Testing-For-Web-Application-\u2013-Observations-And-Fixes-2-1024x576.jpg 1024w, https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-Testing-For-Web-Application-\u2013-Observations-And-Fixes-2-768x432.jpg 768w, https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-Testing-For-Web-Application-\u2013-Observations-And-Fixes-2-1536x864.jpg 1536w, https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-Testing-For-Web-Application-\u2013-Observations-And-Fixes-2-2048x1152.jpg 2048w\" sizes=\"auto, (max-width: 2240px) 100vw, 2240px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_ma_el_bg_slider elementor-section elementor-top-section elementor-element elementor-element-6fe1abf elementor-section-boxed elementor-section-height-default elementor-section-height-default jltma-glass-effect-no\" data-id=\"6fe1abf\" data-element_type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ma_el_bg_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-567d5dc jltma-glass-effect-no\" data-id=\"567d5dc\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-153398b jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"153398b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 
class=\"elementor-heading-title elementor-size-default\">Introduction<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_ma_el_bg_slider elementor-section elementor-top-section elementor-element elementor-element-34ea867 elementor-section-boxed elementor-section-height-default elementor-section-height-default jltma-glass-effect-no\" data-id=\"34ea867\" data-element_type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ma_el_bg_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c9ea2dd jltma-glass-effect-no\" data-id=\"c9ea2dd\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a14fae1 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"a14fae1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\">In today&#8217;s interconnected world, where online services and applications play a vital role in various industries, ensuring the security of web applications is of paramount importance. Penetration testing, also known as pen testing, is a widely adopted practice to identify potential security vulnerabilities in computer systems, networks, and web applications. 
By simulating real-world attacks, penetration testing helps organizations understand their weaknesses and take proactive measures to strengthen their defenses.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-197c7ad jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"197c7ad\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\">When it comes to web applications, the Open Web Application Security Project (OWASP) Top 10 standards serve as a crucial reference. OWASP, a nonprofit foundation dedicated to software security, highlights the ten most common security vulnerabilities that attackers attempt to exploit. By addressing these vulnerabilities, organizations can significantly enhance the security posture of their web applications.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-678f2aa jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"678f2aa\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\">Here I&#8217;m listing some of the key issues which can be found during penetration testing of web Applications and possible fixes.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_ma_el_bg_slider elementor-section elementor-top-section elementor-element elementor-element-12cbb32 elementor-section-boxed elementor-section-height-default elementor-section-height-default jltma-glass-effect-no\" data-id=\"12cbb32\" data-element_type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ma_el_bg_slider 
elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bf4f32e jltma-glass-effect-no\" data-id=\"bf4f32e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b3ab2c3 jltma-glass-effect-no elementor-widget elementor-widget-image\" data-id=\"b3ab2c3\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"768\" src=\"https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-testing-Top-5-Vulnerabilities.png\" class=\"attachment-full size-full\" alt=\"Penetration testing Top 5 Vulnerabilities\" srcset=\"https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-testing-Top-5-Vulnerabilities.png 1024w, https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-testing-Top-5-Vulnerabilities-300x225.png 300w, https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/Penetration-testing-Top-5-Vulnerabilities-768x576.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_ma_el_bg_slider elementor-section elementor-top-section elementor-element elementor-element-3fe2fb2 elementor-section-boxed elementor-section-height-default elementor-section-height-default jltma-glass-effect-no\" data-id=\"3fe2fb2\" data-element_type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ma_el_bg_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ce535a6 
jltma-glass-effect-no\" data-id=\"ce535a6\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-107ad3d jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"107ad3d\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Business Rule Bypass<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e1efab1 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"e1efab1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Lack of proper Business Rule Validation at both client and server would open ways for this kind of attack where a malicious user can turn things in his favor.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ef51f32 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"ef51f32\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><strong>Eg<\/strong>: Let\u2019s take a photography competition application, where photographs can be voted till a fixed period of time. 
Later the photographs are moved to the evaluation stage, where the highest voted photograph wins.<br \/>Assume that a photograph can be voted on by navigating to the path \u201cvote\/photographId\u201d, where photographId is unique to each photograph, and that after the voting period every photograph moves to the evaluation stage, where it can be evaluated at the path \u201cevaluate\/photographId\u201d.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-25ce1b0 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"25ce1b0\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Malicious users will try to bypass the business rule with the steps below:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a0fe535 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"a0fe535\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li>They note down the photographId of their own photograph, which is now in the evaluation stage.<\/li><li>They navigate to \u201cvote\/photographId\u201d, where photographId is the one noted in the first step.<\/li><li>If no proper business rule validation is implemented on the server, they can keep adding votes even after the voting period is over.<\/li><\/ul><p>The fix is to enforce the stage transition on the server: a vote request must be rejected whenever the photograph is no longer in the voting stage, regardless of what the client sends.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-78779f9 jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"78779f9\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Privilege escalation<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div 
class=\"elementor-element elementor-element-da39495 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"da39495\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\">Developers often make the mistake of sending user details in REST API calls as a path parameter, query parameter, or request body, and granting access to resources on the server side based on the user data passed via the API.\u00a0 Malicious users can spoof this by modifying the user data to whatever they wish and gain access to any user\u2019s resources without consent.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-89d1d18 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"89d1d18\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\"><strong>Eg:\u00a0<\/strong>Getting the scanned copy of a user\u2019s identity card stored on the server\u00a0 by sending that user\u2019s email-id in the API call.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8cb5398 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"8cb5398\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\">We can fix this by implementing token verification logic on the server side, so that only the JWT is sent from the client and all user details are taken from the verified token\u2019s claims. The server must validate the token\u2019s signature, issuer and expiry before trusting any claim in it; a token that is merely decoded but not verified can be forged as easily as a request parameter.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bc54241 jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"bc54241\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Clickjacking attack<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-26c221d jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"26c221d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\">Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are clicking the visible page but in fact they are clicking an invisible element in the additional page transposed on top of it.<br \/>So if your website renders inside an iFrame then it is prone to Clickjacking attack.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4400488 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"4400488\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\"><strong>You can test if your website is vulnerable to clickjacking by running below HTML file in any browser<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7bae3e9 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"7bae3e9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\">\u00a0<\/p><p><iframe loading=\"lazy\" src=\"\u201dhttps:\/\/yourwebiste.com\/your-page\u201d\" width=\"\u201d500\u201d\" height=\"\u201d500\u201d\"><\/iframe><\/p><p class=\"blog-p\">If your website renders successfully, then it is vulnerable to clickjacking.<\/p><p>The X-Frame-Options response header is passed 
as part of the HTTP response of a web page, indicating whether or not a browser should be allowed to render the page inside a &lt;frame&gt; or &lt;iframe&gt; tag.\n<p><strong>There are 3 possible values\u00a0<\/strong><\/p>\n<ul>\n<li class=\"blog-li\"><strong>DENY<\/strong>\u00a0\u2013 does not allow any domain to display this page within a frame.<\/li>\n<li class=\"blog-li\"><strong>SAMEORIGIN<\/strong>\u00a0\u2013 allows the page to be displayed in a frame on another page, but only one from the same origin.<\/li>\n<li class=\"blog-li\"><strong>ALLOW-FROM URI<\/strong>\u00a0\u2013 allows the page to be displayed in a frame, but only at a specific URI \u2013 for example\u00a0<a href=\"https:\/\/techpearl.com\/1719395789229\/blog\/pen-test-observations-and-fixes\/index.html\">www.example.com\/frame-page<\/a><\/li>\n<\/ul>\n<p>Note that ALLOW-FROM is obsolete and ignored by current browsers; the Content-Security-Policy <em>frame-ancestors<\/em> directive is the supported way to allow specific origins and should be sent alongside X-Frame-Options.<\/p>\n<p><center><\/center><\/p>\n<div>\u00a0<\/div>\n<p><\/p><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_ma_el_bg_slider elementor-section elementor-top-section elementor-element elementor-element-42bb82d elementor-section-boxed elementor-section-height-default elementor-section-height-default jltma-glass-effect-no\" data-id=\"42bb82d\" data-element_type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ma_el_bg_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d68eac5 jltma-glass-effect-no\" data-id=\"d68eac5\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bdfe996 jltma-glass-effect-no elementor-widget elementor-widget-image\" data-id=\"bdfe996\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/techpearl.com\/1719395789229\/contact-us\/\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"220\" src=\"https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/mobile.jpg\" class=\"attachment-full size-full\" alt=\"mobile\" srcset=\"https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/mobile.jpg 1024w, https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/mobile-300x64.jpg 300w, https:\/\/techpearl.com\/1719395789229\/wp-content\/uploads\/2021\/11\/mobile-768x165.jpg 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_ma_el_bg_slider elementor-section elementor-top-section elementor-element elementor-element-70ea491 elementor-section-boxed elementor-section-height-default elementor-section-height-default jltma-glass-effect-no\" data-id=\"70ea491\" data-element_type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ma_el_bg_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-18b714e jltma-glass-effect-no\" data-id=\"18b714e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4e5ff64 jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"4e5ff64\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Malicious File Upload<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div 
class=\"elementor-element elementor-element-18373c9 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"18373c9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, or exploit the local vulnerabilities, and so forth. All files uploaded should be validated for type and content of the file so that no executable content gets into server or database.<\/p><p><strong>Eg<\/strong>: Assume that you have an application which allows you to upload images, but if you are not validating uploaded files, malicious users can upload text files with any allowed image extension and mime type.<\/p><p>This can be prevented by validating file mime type, extension and content at both client and server.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-70aed44 jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"70aed44\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Session continues after logout<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0b4fa6c jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"0b4fa6c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>If you are using token based authentication there is a possibility that tokens issued by your auth provider will be valid even after user logout and any malicious user that gets a hold of this token can access user resources till the expiration of the 
token.<\/p><p><strong>Eg:<\/strong> Let\u2019s consider a web app where a successful sign-in returns an idToken and an accessToken to the client, both valid for 1 hour; the client then sends one of the tokens in the \u201cAuthorization\u201d header to make REST API calls. If the user logs out after 30 minutes, the tokens remain valid for another 30 minutes, and any malicious user who gets hold of them can still make API calls in the name of the logged-out user.<\/p><p>This can be fixed by storing a map of deviceId to login status in the user table, updating it (for example {deviceId:123,login:false}) when a user logs out of a particular device, and consulting it on every API call. Because this lookup is what actually revokes the token, it must run before the request is authorized, and keeping token lifetimes short limits the exposure if the check is ever missed.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6d9df28 jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"6d9df28\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Improper audit trails<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-84d307b jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"84d307b\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Logs are very important in a production application, both for debugging and for security evaluation; not keeping proper logs of who accessed the application is itself considered a vulnerability.<\/p><p>Experts expect access logs to contain the action performed, user details, IP address, location and time stamp. Access logs should never contain passwords, session tokens or other secrets, and should be protected from tampering by the users whose actions they record.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e8c5093 jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"e8c5093\" data-element_type=\"widget\" 
data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Insecure Password Transmission<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e06f293 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"e06f293\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Passwords that are visible in plain text while being transmitted to the server in the request body are considered a security risk, because an attacker who can intercept the traffic on the wire can read them.<\/p><p>It is recommended to use the \u201cSecure Remote Password\u201d protocol for password-based authentication, so that neither the password nor any data from which it can be derived is ever sent to the server. SRP complements TLS rather than replacing it; the connection should still be encrypted end to end.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e6f48e jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"2e6f48e\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Source Code Disclosure<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-424096d jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"424096d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Source code disclosure allows malicious users to read the source code of the web application, from which they can understand the implementation and find security loopholes more easily.<br \/>Source code should be strictly minimized and obfuscated before it is deployed,\u00a0 in order to make it non-human-readable and hard to trace back to the original 
code. Obfuscation only raises the effort needed to read client-side code; secrets such as API keys or credentials must never be shipped in it, since they can still be recovered.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5daa6ec jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"5daa6ec\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Cross Origin Resource Sharing<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8aa7c83 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"8aa7c83\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\">CORS makes it easy to share resources between different origins; implementing it incorrectly creates security loopholes that attackers can use against your application.<\/p><p class=\"blog-p\">Basic CORS can be enabled by returning the response header below for<br \/>preflight requests<br \/><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Access-Control-Allow-Origin\" target=\"_blank\" rel=\"noopener\">Access-Control-Allow-Origin<\/a>: \u201cComma separated list of Origins\u201d<br \/>(the header carries a single origin value, so in practice the server compares the request\u2019s Origin against an allowlist and echoes back the one that matched)<br \/>Most developers tend to specify<br \/><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Access-Control-Allow-Origin\" target=\"_blank\" rel=\"noopener\">Access-Control-Allow-Origin<\/a>:\u201d*\u201d<\/p><p class=\"blog-p\">This means any origin that tries to access the resource will be allowed, giving attackers from unknown origins access to your resources. Reflecting an arbitrary Origin together with Access-Control-Allow-Credentials: true is the more dangerous variant of the same misconfiguration.<br \/><strong>Note:<\/strong> You can read more about CORS here:\u00a0<a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers#CORS\" target=\"_blank\" 
rel=\"noopener\">https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers#CORS<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e321904 jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"e321904\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Missing Security Headers<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eb517e6 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"eb517e6\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"blog-p\">A number of security response headers can be returned on every HTTP response (HTML pages as well as REST API responses) to reduce the application's exposure to attacks. They are inexpensive to add and are usually set once at the web server or reverse proxy.<\/p><h4><strong>Some of them are listed below<\/strong><\/h4><ul><li class=\"blog-li\">HTTP Strict Transport Security (HSTS): <code>Strict-Transport-Security: max-age=31536000; includeSubDomains<\/code>, which forces browsers to use HTTPS on subsequent visits<\/li><li class=\"blog-li\">Content Security Policy (CSP): restricts where scripts, styles and frames may be loaded from; its <code>frame-ancestors<\/code> directive is the modern replacement for X-Frame-Options<\/li><li class=\"blog-li\">Cross Site Scripting Protection (X-XSS-Protection): the XSS auditor behind this header has been removed from current browsers, so it must not be relied on; set it to <code>0<\/code> (or omit it) and rely on CSP and proper output encoding instead<\/li><li class=\"blog-li\">X-Frame-Options: <code>DENY<\/code> or <code>SAMEORIGIN<\/code>, which blocks the clickjacking attacks discussed earlier in this post<\/li><li class=\"blog-li\">X-Content-Type-Options: <code>nosniff<\/code>, which stops browsers from MIME-sniffing a response into a different content type<\/li><\/ul><p class=\"blog-p\"><strong>Note:<\/strong> You can read more about security headers here:\u00a0<a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\" target=\"_blank\" rel=\"noopener\">https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-107d973 jltma-glass-effect-no elementor-widget elementor-widget-heading\" data-id=\"107d973\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 
class=\"elementor-heading-title elementor-size-default\">Summary<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b2a2ef6 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"b2a2ef6\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>In this blog, we delved into some of the prominent issues that can be identified during the penetration testing of web applications, along with potential fixes. We explored vulnerabilities such as business rule bypass, privilege escalation, clickjacking attacks, malicious file uploads, session continuity after logout, improper audit trails, insecure password transmission, source code disclosure, Cross-Origin Resource Sharing (CORS) misconfigurations, and missing security headers. By understanding these vulnerabilities and implementing the recommended fixes, organizations can bolster the security of their web applications and protect sensitive data from malicious actors.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2b16c80 jltma-glass-effect-no elementor-widget elementor-widget-text-editor\" data-id=\"2b16c80\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><i><a href=\"https:\/\/techpearl.com\/1719395789229\/contact-us\/\">Contact us\u00a0<\/a>to find out how Techpearl can develop secure and scalable Web apps for you.<\/i><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d59f527 bdt-ss-btns-view-icon bdt-ss-btns-shape-rounded bdt-ss-btns-align-left bdt-ep-grid-0 bdt-ss-btns-style-flat bdt-ss-btns-color-original jltma-glass-effect-no elementor-widget elementor-widget-bdt-social-share\" data-id=\"d59f527\" data-element_type=\"widget\" 
models.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2bbc5b5 elementor-align-center elementor-tablet-align-center elementor-mobile-align-center jltma-glass-effect-no elementor-widget elementor-widget-button\" data-id=\"2bbc5b5\" data-element_type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t<a href=\"#\" class=\"elementor-button-link elementor-button elementor-size-md\" role=\"button\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-text\">Get Started<\/span>\n\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Penetration Testing of a Web Application &#8211; Vulnerabilities and Fixes Introduction In today&#8217;s interconnected world, where online services and applications play a vital role in various industries, ensuring the security of web applications is of paramount importance. 
Penetration testing, also known as pen testing, is a widely adopted practice to identify potential security vulnerabilities in &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/techpearl.com\/1719395789229\/amazon-q-for-developers\/\"> <span class=\"screen-reader-text\">Amazon Q for Developers: Level Up Your Productivity with AI<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":10,"featured_media":10831,"comment_status":"open","ping_status":"open","sticky":false,"template":"elementor_header_footer","format":"standard","meta":{"footnotes":""},"categories":[63,21,23],"tags":[56,52,36],"class_list":["post-4622","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-software-development","category-web-development","tag-pen-testing","tag-software-development","tag-web-development"],"_links":{"self":[{"href":"https:\/\/techpearl.com\/1719395789229\/wp-json\/wp\/v2\/posts\/4622","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techpearl.com\/1719395789229\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techpearl.com\/1719395789229\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techpearl.com\/1719395789229\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/techpearl.com\/1719395789229\/wp-json\/wp\/v2\/comments?post=4622"}],"version-history":[{"count":103,"href":"https:\/\/techpearl.com\/1719395789229\/wp-json\/wp\/v2\/posts\/4622\/revisions"}],"predecessor-version":[{"id":19133,"href":"https:\/\/techpearl.com\/1719395789229\/wp-json\/wp\/v2\/posts\/4622\/revisions\/19133"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techpearl.com\/1719395789229\/wp-json\/wp\/v2\/media\/10831"}],"wp:attachment":[{"href":"https:\/\/techpearl.com\/1719395789229\/wp-json\/wp\/v2\/media?parent=4622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techpearl.com\/1719395789229\/wp-jso
n\/wp\/v2\/categories?post=4622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techpearl.com\/1719395789229\/wp-json\/wp\/v2\/tags?post=4622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}