Hunting for blind XSS vulnerabilities: A complete guide
Cross-site scripting (XSS) vulnerabilities are quite common and fun to find. They also carry great impact when chained with other vulnerabilities. But there’s another variant…
Category: Mix
The Top 10 Data Breaches of 2024
2024 has been a tumultuous year in cybersecurity with numerous significant data breaches compromising sensitive information and affecting millions globally. While these breaches have caused…
Top Open Source API Security Tools
The modern world relies on Application Programming Interfaces (APIs). They allow applications to communicate with each other, servers, and consumers to facilitate data sharing and…
Testing JavaScript files for bug bounty hunters
You’ve with no doubt heard or seen other fellow bug bounty hunters find critical vulnerabilities thanks to JavaScript file enumeration, right? This article is all…
The not-so-secret hack to impactful bug bounty programs
At the core of every thriving bug bounty platform lies its triage team. These teams evaluate vulnerability reports, deciding on escalation and prioritization. Moreover, they…
Breaking Down the OWASP Top 10: Insecure Design
In the absence of these considerations, systems can be retrofitted with ineffective security controls or lack them entirely. This can be attributed to teams rushing…
New York Releases AI Cybersecurity Guidance: What You Need to Know
AI adoption is accelerating in the financial services industry, both as an asset for improving business operations and as a potential tool to defend against…
A complete guide to finding advanced file upload vulnerabilities
File upload vulnerabilities are fun to find, they are impactful by nature and in some cases even result in remote code execution. Nowadays, most developers…
How Crypto and Blockchain Organizations Manage Complex Attack Surfaces With Competitive Security Testing Programs
There are three factors that differentiate crypto and blockchain organizations from other industries; their attack surfaces, their most common vulnerabilities, and the amount they spend…
How a Privilege Escalation Led to Unrestricted Admin Account Creation in Shopify
In a privilege escalation attack, an attacker gains elevated rights, permissions, or entitlements beyond the intended level associated with their identity, account, or device. Systems…
The key to ensuring software quality and reliability
Regression testing is a crucial part of software development that ensures new code changes don’t negatively affect existing functionality. It comes into play for developers…
Hack My Career: Saskia Braucher
When Saskia joined the tech world, she didn’t follow the conventional path of computer science degrees or coding boot camps. Instead, her journey was shaped…