Ax Sharma

Contributor

Ax Sharma is an experienced security researcher, engineer, and cybersecurity reporter. His expertise lies in malware analysis, vulnerability research, and web app security. Through responsible disclosure, Ax has previously exposed serious bugs and security vulnerabilities impacting major national and global organizations.

Software composition analysis explained, and how it identifies open-source software risks

SSRF attacks explained and how to defend against them

SSRF attacks explained and how to defend against them

Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. Defending against them can be relatively easy.

Java deserialization vulnerabilities explained and how to defend against them

Java deserialization vulnerabilities explained and how to defend against them

Java provides a means to conveniently serialize data to maintain its integrity as it's sent over a network. Attackers can exploit vulnerabilities in the deserialization process if there aren't safeguards in place.

Securing CI/CD pipelines: 6 best practices

Securing CI/CD pipelines: 6 best practices

Criminals are exploiting vulnerabilities in continuous integration/continuous delivery pipelines to steal sensitive information, mine cryptocurrencies, and deliver malicious code.

15 top open-source intelligence tools

15 top open-source intelligence tools

OSINT (open-source intelligence) is the practice of collecting information from published or otherwise publicly available sources. These tools will help you find sensitive public info before bad guys do.

6 most common types of software supply chain attacks explained

6 most common types of software supply chain attacks explained

Not all software supply chain attacks are the same. Here are the methods attackers currently use to corrupt legitimate software through third parties.

5 ways hackers hide their tracks

5 ways hackers hide their tracks

From trusted pentesting tools to LOLBINs, attackers abuse trusted platforms and protocols to evade security controls.

15 open source GitHub projects for security pros

15 open source GitHub projects for security pros

GitHub has a ton of open-source options for security professionals, with new entries every day. Add these tools to your collection and work smarter.

DNS over HTTPS, DNS over TLS explained: Encrypting DNS traffic

DNS over HTTPS, DNS over TLS explained: Encrypting DNS traffic

DoT and DoH provide data confidentiality with end-to-end encryption for DNS traffic, but each has trade-offs.

5 tips for a successful penetration testing program

5 tips for a successful penetration testing program

Proper preparation is key to finding the real weaknesses and vulnerabilities in your network through a pentest. These are the five things you need to do before starting.

The state of the dark web: Insights from the underground

The state of the dark web: Insights from the underground

The rise of professional criminal gangs, malware as a service, and improved infrastructure for carrying out criminal activity are changing the dark web. Here's what that means for enterprise security.

The Windows Bad Neighbor vulnerability explained — and how to protect your network

The Windows Bad Neighbor vulnerability explained — and how to protect your network

Attackers could use the Windows Bad Neighbor vulnerability to perform remote code execution or create buffer overflows. Patches and workarounds are available.

Load More