Skip to content
Fast-turnaround security assessments available — 10+ years development & security experienceGet started
Knowledge Base

Security Knowledge Base

Deep-dive explanations of vulnerability classes, attack methodologies, and assessment frameworks. CWE references, real-world context, and prevention guidance.

VulnerabilityCWE-79A03:2021

Cross-Site Scripting (XSS): How It Works and How to Prevent It

Cross-site scripting remains one of the most prevalent web vulnerabilities, allowing attackers to inject malicious scripts into trusted websites and compromise user sessions, steal credentials, and deface applications.

9 min readRead article
VulnerabilityCWE-639A01:2021

Insecure Direct Object References: The Most Common Access Control Flaw

Insecure direct object references occur when an application exposes internal object identifiers without verifying that the requesting user is authorized to access them, enabling attackers to access or modify other users' data by simply changing a parameter.

9 min readRead article
VulnerabilityCWE-918A10:2021

Server-Side Request Forgery: When Your Server Becomes the Attacker

Server-side request forgery turns your own infrastructure against you, allowing attackers to make your server send requests to internal systems, cloud metadata endpoints, and protected networks that should never be accessible from the outside.

10 min readRead article
VulnerabilityCWE-644

Host Header Injection: How Trusted Headers Become Attack Vectors

Host header injection exploits applications that trust the HTTP Host header for critical operations like password reset links, cache keys, and redirects — allowing attackers to poison caches, steal reset tokens, and redirect users to malicious sites.

9 min readRead article
VulnerabilityCWE-706A01:2021

Path Normalization Attacks: When a Slash Breaks Authentication

Path normalization attacks exploit inconsistencies in how different components of a web stack interpret URL paths, allowing attackers to bypass authentication middleware, access control rules, and WAF protections with techniques as simple as adding a trailing slash.

10 min readRead article
VulnerabilityCWE-284A01:2021

Broken Access Control: OWASP's #1 Web Application Vulnerability

Broken access control is the most prevalent web application vulnerability class. It lets attackers bypass authorization to view, modify, or delete resources they should never reach. Here's how it works, why scanners miss it, and how to fix it.

10 min readRead article
VulnerabilityA04:2021

Business Logic Vulnerabilities: What Scanners Can't Find

Business logic vulnerabilities exploit the intended functionality of an application in unintended ways. They don't trigger signatures, don't match patterns, and don't show up in automated scans. Finding them requires understanding how the application is supposed to work — and then breaking that assumption.

11 min readRead article
Services

Our Security Assessment Process: From Scope to Remediation

A complete walkthrough of how Raijuna conducts security assessments — from initial scoping through reconnaissance, manual testing, and exploitation to delivering actionable reports with verified findings and remediation verification.

10 min readRead article
Services

What We Test: Applications, APIs, Authentication, Infrastructure

A detailed breakdown of what Raijuna tests during security assessments — web applications, REST and GraphQL APIs, authentication and SSO flows, cloud infrastructure, and mobile backends. For each target type: what we look for, common findings, and why it matters.

11 min readRead article
Services

What Makes a Security Report Actionable

The difference between a useful security report and a useless one isn't the number of findings — it's whether anyone can act on them. Here's what separates actionable security reports from scan dumps, and why report quality determines whether vulnerabilities actually get fixed.

11 min readRead article