<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Web Security on Raghunath Gopinath</title>
    <link>https://raghu.io/categories/web-security/</link>
    <description>Recent content in Web Security on Raghunath Gopinath</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en</language>
    <managingEditor>hello@raghu.io (Raghunath Gopinath)</managingEditor>
    <webMaster>hello@raghu.io (Raghunath Gopinath)</webMaster>
    <copyright>© 2026 Raghunath Gopinath</copyright>
    <lastBuildDate>Thu, 30 Apr 2026 20:36:05 +0530</lastBuildDate><atom:link href="https://raghu.io/categories/web-security/index.xml" rel="self" type="application/rss+xml" />
    
    <item>
      <title>How to Install and Configure Shield Security: Step-by-step guide</title>
      <link>https://raghu.io/how-to-install-and-configure-shield-security-step-by-step-guide/</link>
      <pubDate>Tue, 07 May 2024 05:15:32 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/how-to-install-and-configure-shield-security-step-by-step-guide/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/how-to-install-and-configure-shield-security-step-by-step-guide/featured.webp" />
    </item>
    
    <item>
      <title>Security Threats of Nulled WordPress Plugins and Themes: Uncovering the Hidden Dangers</title>
      <link>https://raghu.io/security-threats-of-nulled-wordpress-plugins-and-themes-uncovering-the-hidden-dangers/</link>
      <pubDate>Fri, 12 Apr 2024 04:23:30 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/security-threats-of-nulled-wordpress-plugins-and-themes-uncovering-the-hidden-dangers/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/security-threats-of-nulled-wordpress-plugins-and-themes-uncovering-the-hidden-dangers/featured.webp" />
    </item>
    
    <item>
      <title>Enhancing the Security of WordPress Sites: Best Practices and Tips</title>
      <link>https://raghu.io/enhancing-the-security-of-wordpress-sites-best-practices-and-tips/</link>
      <pubDate>Wed, 20 Mar 2024 15:30:01 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/enhancing-the-security-of-wordpress-sites-best-practices-and-tips/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/enhancing-the-security-of-wordpress-sites-best-practices-and-tips/featured.png" />
    </item>
    
    <item>
      <title>XSS Explained - Learn cross-site scripting with examples</title>
      <link>https://raghu.io/xss-explained-learn-cross-site-scripting-with-examples/</link>
      <pubDate>Fri, 25 Nov 2022 11:35:43 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-explained-learn-cross-site-scripting-with-examples/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-explained-learn-cross-site-scripting-with-examples/featured.png" />
    </item>
    
    <item>
      <title>DVWA - Brute Force Attack and Prevention Explained</title>
      <link>https://raghu.io/dvwa-brute-force-attack-and-prevention-explained/</link>
      <pubDate>Fri, 30 Sep 2022 06:53:00 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/dvwa-brute-force-attack-and-prevention-explained/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/dvwa-brute-force-attack-and-prevention-explained/featured.png" />
    </item>
    
    <item>
      <title>Mitigating XSS Vulnerability</title>
      <link>https://raghu.io/mitigating-xss-vulnerability/</link>
      <pubDate>Sat, 20 Aug 2022 04:30:12 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/mitigating-xss-vulnerability/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/mitigating-xss-vulnerability/featured.png" />
    </item>
    
    <item>
      <title>Mitigating Command Injection</title>
      <link>https://raghu.io/mitigating-command-injection/</link>
      <pubDate>Wed, 10 Aug 2022 09:47:10 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/mitigating-command-injection/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/mitigating-command-injection/featured.png" />
    </item>
    
    <item>
      <title>DVWA Brute Force Attack - High Severity</title>
      <link>https://raghu.io/dvwa-brute-force-attack-high-severity/</link>
      <pubDate>Thu, 04 Aug 2022 11:44:26 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/dvwa-brute-force-attack-high-severity/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/dvwa-brute-force-attack-high-severity/featured.png" />
    </item>
    
    <item>
      <title>DVWA Brute Force Attack - Medium Severity</title>
      <link>https://raghu.io/dvwa-brute-force-attack-medium-severity/</link>
      <pubDate>Wed, 03 Aug 2022 06:22:22 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/dvwa-brute-force-attack-medium-severity/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/dvwa-brute-force-attack-medium-severity/featured.png" />
    </item>
    
    <item>
      <title>Lab Setup - Docker DVWA</title>
      <link>https://raghu.io/lab-setup-docker-dvwa/</link>
      <pubDate>Sat, 30 Jul 2022 07:42:00 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/lab-setup-docker-dvwa/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/lab-setup-docker-dvwa/featured.png" />
    </item>
    
    <item>
      <title>BurpSuite Installation</title>
      <link>https://raghu.io/burpsuite-installation/</link>
      <pubDate>Thu, 28 Jul 2022 06:11:00 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/burpsuite-installation/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/burpsuite-installation/featured.webp" />
    </item>
    
    <item>
      <title>What is Web Application and How does it work?</title>
      <link>https://raghu.io/what-is-web-application-and-how-does-it-work/</link>
      <pubDate>Mon, 25 Jul 2022 14:15:00 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/what-is-web-application-and-how-does-it-work/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/what-is-web-application-and-how-does-it-work/featured.webp" />
    </item>
    
    <item>
      <title>The Importance of a Security.txt File</title>
      <link>https://raghu.io/the-importance-of-a-security.txt-file/</link>
      <pubDate>Thu, 06 Jan 2022 06:15:00 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/the-importance-of-a-security.txt-file/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/the-importance-of-a-security.txt-file/featured.webp" />
    </item>
    
    <item>
      <title>Challenge 1 - Stored cross-site scripting attack</title>
      <link>https://raghu.io/challenge-1-stored-cross-site-scripting-attack/</link>
      <pubDate>Tue, 13 Dec 2022 05:43:59 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/challenge-1-stored-cross-site-scripting-attack/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/challenge-1-stored-cross-site-scripting-attack/featured.png" />
    </item>
    
    <item>
      <title>BurpSuite Overview</title>
      <link>https://raghu.io/burpsuite-overview/</link>
      <pubDate>Fri, 29 Jul 2022 14:36:00 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/burpsuite-overview/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/burpsuite-overview/featured.webp" />
    </item>
    
    <item>
      <title>HTTP Basics Tutorial</title>
      <link>https://raghu.io/http-basics-tutorial/</link>
      <pubDate>Tue, 26 Jul 2022 08:53:00 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/http-basics-tutorial/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/http-basics-tutorial/featured.webp" />
    </item>
    
    <item>
      <title>Challenge 2 - Reflected cross-site scripting attack</title>
      <link>https://raghu.io/challenge-2-reflected-cross-site-scripting-attack/</link>
      <pubDate>Wed, 04 Jan 2023 15:29:55 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/challenge-2-reflected-cross-site-scripting-attack/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/challenge-2-reflected-cross-site-scripting-attack/featured.png" />
    </item>
    
    <item>
      <title>Challenge 3 - XSS bypass blacklist HTML tags</title>
      <link>https://raghu.io/challenge-3-xss-bypass-blacklist-html-tags/</link>
      <pubDate>Fri, 13 Jan 2023 05:21:34 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/challenge-3-xss-bypass-blacklist-html-tags/</guid>
      <description></description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/challenge-3-xss-bypass-blacklist-html-tags/featured.png" />
    </item>
    
    <item>
      <title>How to Install Wordfence: Step-by-step guide</title>
      <link>https://raghu.io/how-to-install-wordfence/</link>
      <pubDate>Fri, 15 Mar 2024 04:02:29 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/how-to-install-wordfence/</guid>
      <description>This step-by-step guide on how to install the Wordfence plugin will enable the standard recommended security settings for your WordPress website quickly and keep it safe from potential threats.</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/how-to-install-wordfence/featured.png" />
    </item>
    
    <item>
      <title>WordPress Scan for Vulnerabilities: A Comprehensive Guide for Site Security</title>
      <link>https://raghu.io/wordpress-scan-for-vulnerabilities-a-comprehensive-guide-for-site-security/</link>
      <pubDate>Mon, 05 Feb 2024 17:17:03 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/wordpress-scan-for-vulnerabilities-a-comprehensive-guide-for-site-security/</guid>
      <description>WordPress scan for vulnerabilities article will guide you with step-by-step approaches and examples that can be implemented on your website to scan and identify vulnerabilities. Also, additional information about security measures, tools, and plugins is available.</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/wordpress-scan-for-vulnerabilities-a-comprehensive-guide-for-site-security/featured.jpg" />
    </item>
    
    <item>
      <title>Bug Bounty vs Pentest: Making an Informed Decision on Security Testing</title>
      <link>https://raghu.io/bug-bounty-vs-pentest-making-an-informed-decision-on-security-testing/</link>
      <pubDate>Sun, 14 Jan 2024 03:29:08 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/bug-bounty-vs-pentest-making-an-informed-decision-on-security-testing/</guid>
      <description>Both bug bounty and pentest play crucial roles in identifying and addressing security vulnerabilities, but they differ in their approaches. Understanding these differences helps you choose which type of security testing best suits for organizations or hackers who want to get into security testing.</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/bug-bounty-vs-pentest-making-an-informed-decision-on-security-testing/featured.png" />
    </item>
    
    <item>
      <title>Challenge 14: XSS bypass blacklisted JS function</title>
      <link>https://raghu.io/xss-bypass-blacklisted-js-function-challenge-14/</link>
      <pubDate>Tue, 21 Mar 2023 06:30:20 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-bypass-blacklisted-js-function-challenge-14/</guid>
      <description>This article goes into depth discussing an alternative JavaScript function, namely &amp;#34;confirm()&amp;#34;. It serves as an alternative for the JavaScript &amp;#34;alert()&amp;#34; function when the latter is unavailable.</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-bypass-blacklisted-js-function-challenge-14/featured.png" />
    </item>
    
    <item>
      <title>Challenge 13: XSS  in HTML Anchor Tag</title>
      <link>https://raghu.io/xss-in-html-anchor-tag/</link>
      <pubDate>Thu, 16 Mar 2023 06:52:55 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-in-html-anchor-tag/</guid>
      <description>Check out how a security risk can arise from an improperly configured dynamic link generation tag and which can result in XSS exploitation.</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-in-html-anchor-tag/featured.png" />
    </item>
    
    <item>
      <title>Challenge 12: XSS CSP bypass through remote payload</title>
      <link>https://raghu.io/xss-csp-bypass-remote-payload-challenge-12/</link>
      <pubDate>Sat, 11 Mar 2023 06:30:06 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-csp-bypass-remote-payload-challenge-12/</guid>
      <description>Learn how to bypass a misconfigured CSP policy and how it can lead to the successful exploitation of cross-site scripting vulnerability.</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-csp-bypass-remote-payload-challenge-12/featured.png" />
    </item>
    
    <item>
      <title>Challenge 11: XSS CSP bypass through an inline script</title>
      <link>https://raghu.io/xss-csp-bypass-through-inline-script-challenge-11/</link>
      <pubDate>Sat, 04 Mar 2023 06:30:48 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-csp-bypass-through-inline-script-challenge-11/</guid>
      <description>Learn how a misconfigured CSP can be bypassed, potentially leading to the successful exploitation of cross-site scripting vulnerability.</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-csp-bypass-through-inline-script-challenge-11/featured.png" />
    </item>
    
    <item>
      <title>Challenge 10: XSS bypass backslash escape</title>
      <link>https://raghu.io/xss-bypass-backslash-escape-challenge-10/</link>
      <pubDate>Tue, 28 Feb 2023 06:30:15 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-bypass-backslash-escape-challenge-10/</guid>
      <description>Check out how the XSS can be exploited in the HTML &amp;lt;div&amp;gt; tags and learn more about &amp;lt;img&amp;gt; tag-based XSS payload.</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-bypass-backslash-escape-challenge-10/featured.png" />
    </item>
    
    <item>
      <title>Challenge 9: XSS in the hidden input field</title>
      <link>https://raghu.io/xss-in-hidden-input-field-challenge-9/</link>
      <pubDate>Fri, 24 Feb 2023 06:42:44 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-in-hidden-input-field-challenge-9/</guid>
      <description>Check out how the XSS can also be exploited in hidden input parameter fields with examples.</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-in-hidden-input-field-challenge-9/featured.png" />
    </item>
    
    <item>
      <title>Challenge 8: XSS bypass improper output encoding</title>
      <link>https://raghu.io/xss-bypass-improper-output-encoding-challenge-8/</link>
      <pubDate>Mon, 20 Feb 2023 04:45:53 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-bypass-improper-output-encoding-challenge-8/</guid>
      <description>Learn how the partially implemented HTML output encoding can be bypassed for exploiting XSS vulnerability using the HTML5 attributes</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-bypass-improper-output-encoding-challenge-8/featured.png" />
    </item>
    
    <item>
      <title>Challenge 7: XSS in a dropdown list</title>
      <link>https://raghu.io/xss-in-dropdown-list-challenge-7/</link>
      <pubDate>Fri, 10 Feb 2023 05:40:27 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-in-dropdown-list-challenge-7/</guid>
      <description>Learn how the XSS vulnerability can be found in other params even though it is not editable by the browser using the BurpSuite Proxy tool</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-in-dropdown-list-challenge-7/featured.png" />
    </item>
    
    <item>
      <title>Challenge 6: XSS Bypass Client-Side Blacklist Validation</title>
      <link>https://raghu.io/xss-bypass-client-side-blacklist-validation-challenge-6/</link>
      <pubDate>Mon, 06 Feb 2023 11:22:01 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-bypass-client-side-blacklist-validation-challenge-6/</guid>
      <description>Learn why client-side validation cannot be trusted all the time and how it can be tampered with by using BurpSuite as a proxy for exploiting XSS</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-bypass-client-side-blacklist-validation-challenge-6/featured.png" />
    </item>
    
    <item>
      <title>Challenge 5: XSS bypass Client-Side Length Limit</title>
      <link>https://raghu.io/xss-bypass-client-side-length-limit-challenge-5/</link>
      <pubDate>Thu, 02 Feb 2023 05:48:16 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-bypass-client-side-length-limit-challenge-5/</guid>
      <description>Learn why client-side validation cannot be trusted all the time and how it can be tampered with by browser debugging tools for exploiting XSS</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-bypass-client-side-length-limit-challenge-5/featured.png" />
    </item>
    
    <item>
      <title>Challenge 4: XSS using HTML attribute</title>
      <link>https://raghu.io/xss-using-html-attribute-challenge-4/</link>
      <pubDate>Wed, 18 Jan 2023 07:29:22 +0000</pubDate>
      <author>hello@raghu.io (Raghunath Gopinath)</author>
      <guid>https://raghu.io/xss-using-html-attribute-challenge-4/</guid>
      <description>Learn how the XSS payload can be crafted using HTML5 event attributes rather than using the classic &amp;lt;script&amp;gt; tag</description>
      <media:content xmlns:media="http://search.yahoo.com/mrss/" url="https://raghu.io/xss-using-html-attribute-challenge-4/featured.png" />
    </item>
    
  </channel>
</rss>
