Session Fixation
What is Session Fixation? Session Fixation is used by an attacker when it is not possible to steal the session_id. Session Fixation allows an attacke…
Security Analyst | Actively Looking For a Change | Available for immediate joining
I started my career as a lecturer in an engineering college. Then I turned to development to find some challenges in my day-to-day routine. I chose to be a security analyst at the peak of my development career. The reasons which led me to jump into the information security domain are challenges in daily tasks, exploring and learning new things and eagerness of finding odds. As a security analyst, I worked mostly with web applications and a few mobile applications. I have also tested some external and internal networks as well. I found the current job profile interesting as I got a chance to work in various domains like e-commerce, banking portals, government portals, CRM kind of applications and e-wallets. I learned a lot by finding and exploiting vulnerabilities like Cross-Site Scripting, SQL Injection, Insecure Direct Object References, Cross-Site Request Forgery, Server-Side Request Forgery, Remote Code Execution, XML Injection, File Upload Bypasses, etc.
I am proficient with penetration testing of mobile applications, web applications and networks. However, web penetration testing is my favourite.
To be very frank, I am not an expert in Red Teaming, but I can rank myself as intermediate for Red Teaming as I have not done it standalone.
I have worked on several Source Code Review projects in different languages like Objective-C, Swift, Java and PHP.
I provide InfoSec training to beginners and students in college. I am also conducting seminars and workshops at local conferences.
Here is the list of tools I generally work on. I use many other tools as well, as per the requirements.
What is Session Hijacking? Session Hijacking is an attack that can be performed by exploiting some vulnerabilities. Session_Token and Session_Id are …
What is Command Injection? Command Injection, which is also known as OS Command Injection or Shell Injection, is a vulnerability with very high severit…
What is LDAP? LDAP is a Lightweight Directory Access Protocol which is used by LDAP servers to store, retrieve and manage the data. LDAP communicates…
What is DOM Based Cross-Site Scripting? When an application uses JavaScript which accepts data from unknown or unsanitized sources like GET URL and …
What is Reflected Cross-Site Scripting? Unlike stored XSS, Reflected XSS does not store the payload in the database. An attacker can use the GET para…