Application Security Expert Ahsan.au
Research & Articles

Top Stories

  • Software or Data Integrity Failures  When Trusted Code Gets Tampered With
    December 28, 2025
  • A07:2025 – Authentication Failures – Why Logins Still Get Hacked
    December 27, 2025
  • A10:2025 Mishandling of Exceptional Conditions – The Quiet AppSec Failure No One Owns
    December 22, 2025
  • Why Most Application Security Programs Fail Before They Begin
    December 19, 2025
  • The Evolution and Security of Non-Human Identities: A Comprehensive Guide to Group Managed Service Accounts
    December 16, 2025
  • The Anatomy of Identity Compromise: A Comprehensive Analysis of Active Directory Attack Paths to Domain Dominance
    December 15, 2025
  • How to Build a Secure SDLC from Scratch: A Step-by-Step Guide for Modern Teams
    December 4, 2025
  • A Beginner-Friendly Guide to Malware Analysis Using Five Essential Tools
    December 4, 2025
  • Understanding DNS, Shared IPs, Origin IP Exposure, and Secure Hosting Migrations
    December 2, 2025
  • Broken Access Control: The Quiet, Persistent Threat Still Dominating the OWASP Top 10 in 2025
    December 1, 2025
  • Why OWASP Top 10 (2025) Matters More Than Ever — A Practical Breakdown for Engineers
    November 30, 2025
  • Insecure Design: The Architect’s Oversight (OWASP A06:2025)
    November 28, 2025
  • SSRF Vulnerability Explained: Attack Types, Real-World Examples & Prevention (2025 Edition)
    November 27, 2025
  • Windows Privilege Escalation & AD Enumeration: Complete Tool Guide
    November 24, 2025
  • Understanding DNS, Shared IPs, Origin IP Exposure, and Secure Hosting Migrations
    November 23, 2025
  • CSRF Vulnerability Explained: Cross-Site Request Forgery Attack Types, Real-World Examples & Prevention
    November 22, 2025
  • Understanding Ciphers in SSH & FTP: Why Outdated Ciphers Are Dangerous and How to Detect Them
    November 22, 2025
  • DevSecOps Done Right: A Simple Honest Guide for Real Teams
    November 21, 2025
  • Web Cache Deception: The Invisible Trap in Your URL
    November 20, 2025
  • What is NetExec and what is its purpose?
    November 19, 2025
  • Vibe Coding vs Agentic Coding — Understanding the Future of AI-Driven Software Development
    November 9, 2025
  • The Expanding Threat Landscape of 2025: What We Are Ignoring While Attacks Accelerate
    November 9, 2025

Posted in Application Security, OWASP, Software Engineering

Why OWASP Top 10 (2025) Matters More Than Ever — A Practical Breakdown for Engineers

Introduction: The Relentless Race and the North Star The digital landscape is a constantly evolving battleground. For every innovative stride forward from microservices to serverless there's a new, subtle vulnerability…
Posted by Ahsan Mohsin November 30, 2025

Posted in Application Security, OWASP, Software Architecture

Insecure Design: The Architect’s Oversight (OWASP A06:2025)

Insecure Design (OWASP Top Ten 2021 Category A04:2021) represents one of the most fundamental and often overlooked risks in application security. This category focuses not on bugs or coding mistakes, but…
Posted by Ahsan Mohsin November 28, 2025

Posted in Web Security, Application Security, Cloud Security

SSRF Vulnerability Explained: Attack Types, Real-World Examples & Prevention (2025 Edition)

Disclaimer: This article is for educational purposes only. Always ensure you have proper authorization before testing or exploring vulnerabilities. What is SSRF (Server-Side Request Forgery)? At its simplest, SSRF is when…
Posted by Ahsan Mohsin November 27, 2025

Posted in Penetration Testing, Active Directory, Windows Security

Windows Privilege Escalation & AD Enumeration: Complete Tool Guide

Overview: Understanding the Two Attack Layers When assessing a Windows environment, you typically work with two distinct layers: Local Machine / Host Scenario: "I have a shell on one Windows box.…
Posted by Ahsan Mohsin November 24, 2025

Posted in Web Infrastructure, DevOps, Network Security

Understanding DNS, Shared IPs, Origin IP Exposure, and Secure Hosting Migrations

A Complete Guide for Security & DevOps Professionals The Domain Name System (DNS) is one of the most fundamental building blocks of the modern internet — yet it's also one…
Posted by Ahsan Mohsin November 23, 2025

Posted in Application Security (AppSec), Cybersecurity, Web Security

CSRF Vulnerability Explained: Cross-Site Request Forgery Attack Types, Real-World Examples & Prevention

Disclaimer: This content is for educational purposes only. The author is not responsible for any misuse of the information. Always act ethically and ensure you have proper authorization when testing or…
Posted by Ahsan Mohsin November 22, 2025

Posted in Cybersecurity, Network Security, System Administration

Understanding Ciphers in SSH & FTP: Why Outdated Ciphers Are Dangerous and How to Detect Them

Introduction Cryptography sits at the heart of secure communication. Every time you log into a server using SSH or transfer files over FTPS/SFTP, a cipher ensures your data remains protected.…
Posted by Ahsan Mohsin November 22, 2025

Posted in DevOps & CI/CD, Cloud Computing, Cybersecurity

DevSecOps Done Right: A Simple Honest Guide for Real Teams

If you have ever worked on a fast moving product team, you already know this truth: security often becomes the bottleneck. Not because security folks want to slow things down,…
Posted by Ahsan Mohsin November 21, 2025

Posted in Application Security (AppSec), Cybersecurity

Web Cache Deception: The Invisible Trap in Your URL

Introduction Web Cache Deception (WCD) is a subtle yet powerful vulnerability that often goes unnoticed in modern web apps. Unlike flashy exploits, it requires no authentication bypass or injection —…
Posted by Ahsan Mohsin November 20, 2025

Posted in News, Cybersecurity, Pentesting

What is NetExec and what is its purpose?

NetExec (formerly CrackMapExec 6.x → rewritten and renamed) is a powerful network enumeration, credential testing, and post-exploitation tool designed for: Enumerating Windows/Linux/AD environments Testing credentials across many hosts Password spraying…
Posted by Ahsan Mohsin November 19, 2025


Ahsan Mohsin

Hello! I am Ahsan, a security builder and experimenter. I turn complex AppSec and automation problems into compact, useful products.
