#CyberSecurityTv
joelekm · 8 days ago
Exploiting and Fixing Client-Side Path Traversal (CSPT) Vulnerabilities | CyberSecurityTV
In this video, we explore a powerful yet often overlooked web vulnerability known as Client-Side Path Traversal (CSPT). Using the CSPT Playground by DNSsec, we demonstrate how attackers can exploit insecure client-side logic to manipulate path parameters, bypass access controls, and potentially trigger dangerous POST requests — even with authentication tokens like JWT or CSRF included. We walk through a practical attack scenario, explain how CSPT can be chained with other vulnerabilities like CSRF, and highlight why traditional defenses like same-site cookies may fall short. Most importantly, we discuss critical remediation strategies, including backend JSON schema enforcement, frontend input sanitization, and improving security in API client libraries. This deep dive into CSPT will help developers and security researchers better understand and defend against this subtle yet serious threat.
otaviogilbert · 2 years ago
ZAP Active Scan | CyberSecurityTV
Unleash the power of cybersecurity with our latest video featuring ZAP Active Scan! 🛡️ Join CyberSecurityTV as we delve into the dynamic world of security testing, exploring how ZAP's Active Scan takes defense to a whole new level. 🔒 Don't miss out on the insights, tips, and tricks to fortify your digital fortress.
Watch now to stay ahead of the cyber game!
billa-billa007 · 2 years ago
What is HIPAA Compliance? | CybersecurityTv
HIPAA, which stands for the Health Insurance Portability and Accountability Act, is a comprehensive U.S. federal law enacted in 1996 that addresses various aspects of healthcare, including health insurance coverage, patient privacy, and healthcare data security. HIPAA compliance refers to the set of rules, regulations, and practices that healthcare organizations, healthcare providers, health plans, and their business associates must follow to protect patients' sensitive health information and maintain the confidentiality, integrity, and availability of healthcare data.
varamacreations · 2 years ago
ZAP Active Scan | CyberSecurityTV
🌟 ZAP is an open-source proxy tool for penetration testing. One of the most useful features is the active scan using OWASP ZAP. It is very important to know how to configure form-based authentication and scan all the relevant pages.
sreepadamangaraj · 2 years ago
I will show you a couple of methods to generate PGP keys, and we will also see some of the attributes that we need to configure in order to generate a secure key. Once you have the key, we will also see how to use it to securely exchange information.
drinkramp · 2 years ago
Tips for Secure Code Review | CybersecurityTv
In this informative video, CybersecurityTv presents valuable tips for conducting secure code reviews, an essential practice in ensuring the safety and integrity of software applications. Secure code reviews play a crucial role in identifying and addressing potential vulnerabilities and weaknesses before they are exploited by malicious actors.
#SecureCodeReview #CybersecurityTips #CodeSecurity #SoftwareDevelopment #SecurityBestPractices #ThreatModeling #VulnerabilityAssessment #SecureCoding #ContinuousLearning #CybersecurityEducation
auziokb · 2 years ago
Which email provider should you choose for the dark web | CyberSecurityTv | Shorts | API Testing
joelekm · 12 days ago
Exploiting and Fixing Client-Side Path Traversal (CSPT) Vulnerabilities | CyberSecurityTV
In this video, we explore a powerful yet often overlooked web vulnerability known as Client-Side Path Traversal (CSPT). Using the CSPT Playground by DNSsec, we demonstrate how attackers can exploit insecure client-side logic to manipulate path parameters, bypass access controls, and potentially trigger dangerous POST requests — even with authentication tokens like JWT or CSRF included.
billa-billa007 · 2 years ago
Tips for Secure Code Review | CybersecurityTv
Secure code review is a crucial part of the software development lifecycle aimed at identifying and mitigating security vulnerabilities in code. It involves manually examining the source code for potential security issues.
varamacreations · 2 years ago
What is HIPAA Compliance? | CybersecurityTv
Information security is not all about hacking and penetration testing. Compliance is also a big market to govern organizations. There are many compliance frameworks depending on the country, such as ISO 27001, SOC, PCI, HIPAA, and HITRUST. This episode will give you a brief introduction to HIPAA compliance specific to information security.
sreepadamangaraj · 2 years ago
Security Knowledge Framework is a tool provided by OWASP. The tool uses the ASVS framework to provide a security checklist to developers. This tool should also be used and governed by security professionals to train and help developers build secure software by design.
auziokb · 2 years ago
What are Dark Web | Email Providers | CyberSecurityTv
joelekm · 18 days ago
Exploiting and Fixing Client-Side Path Traversal (CSPT) Vulnerabilities | CyberSecurityTV
In this video, we explore a powerful yet often overlooked web vulnerability known as Client-Side Path Traversal (CSPT). Using the CSPT Playground by DNSsec, we demonstrate how attackers can exploit insecure client-side logic to manipulate path parameters, bypass access controls, and potentially trigger dangerous POST requests — even with authentication tokens like JWT or CSRF included. We walk through a practical attack scenario, explain how CSPT can be chained with other vulnerabilities like CSRF, and highlight why traditional defenses like same-site cookies may fall short.
otaviogilbert · 2 years ago
How to Setup Pidgin | Dark Web Chat | CybersecurityTv
Unlock the secrets of anonymous communication with 'How to Setup Pidgin for Dark Web Chat' on CybersecurityTV. In this tutorial, we walk you through configuring Pidgin, a versatile messaging client, to access the mysterious world of the dark web. Explore secure and private communication in the depths of the internet.
billa-billa007 · 2 years ago
JWT Security Vulnerabilities | CyberSecurityTv
JSON Web Tokens (JWTs) are a widely used method for representing claims between two parties in a compact and self-contained way.
varamacreations · 2 years ago
How to answer API security questions in an Interview? | CyberSecurityTV
🌟 During an interview, there are a few tricky questions regarding API security. In this episode, I have tried to cover a few and give my perspective on how to respond to those questions and also better prepare yourself. This is not a full list of questions, but it at least covers the majority of questions that could be asked.