Introduction I found a Stored Cross Site Scripting vulnerability in WordPress that got rejected and got labeled as Informative by the WordPress Team. Today is the 45th day since I…
Introduction First of all, you might be getting curious about the post title, especially the “xx” in Microsxxt. Well, I leave it to the reader’s imagination to fill those “xx”…
Introduction My journey into Source code security auditing started back in December 2021 when a Recruiter provided me with a challenge to find vulnerabilities in two pages of C# code.…
Introduction Terraform is the most popular Infrastructure as code (IaC) tool available in the market. It supports more than a 1000 cloud providers and has some serious documentation for getting…
Introduction Vaultwarden is a lightweight, single-process, rust based alternate implementation of the Bitwarden Server API which is compatible with bitwarden password manager clients. In short, Vaultwarden is an open source…
Introduction Rootless mode of docker allows a non-root user to run Docker daemon and containers. This helps in preventing potential vulnerabilities, like privilege escalation to root, in the Docker daemon…
Introduction As I’ve mentioned in my First Blog Post, setting up a mail server is optional but recommended to monitor events and security incidents in our server. In this article,…
Linux security is a constantly evolving topic. One of the biggest security related headaches for Administrators is granting Sudo privileges to users. Sudo privilege when unchecked can become the primary…
Apache was the most popular open source webserver available for Linux until recently. As of writing this Apache is used by 31.3% of all websites according to W3Techs. In the…
Today we’ll dive into improving performance and speeding up Apache WebServer while tuning PHP-FPM and MySQL for better performance of our installed WebApps. We’ll be doing a lot of server…