Internal Monologue Capture · Joseph Thacker
I can’t stop thinking about a new concept AI applications could benefit from. I’m calling it internal monologue capture. When Daniel Miessler and I were…
Category: Mix
Security Page Updates: Boosting Consistency & Transparency for Security Researchers and Customers
Cross-Directional Consistency & Transparency on the HackerOne Platform HackerOne is a marketplace through which organizations can address security vulnerabilities with security researchers, and security researchers…
Hacking Salesforce Lightning: A Guide for Bug Hunters
Salesforce Experience (or Community) Cloud is a CRM platform that helps software companies and organizations manage their customer relationships. Software companies and organizations often use…
what it means for businesses and how to get ahead
Cybersecurity and resilience have always been key priorities for information security experts, but recently, they’ve captured the attention of the public as well. The recent…
Introducing our improved submission messaging
Today, we’re announcing a major upgrade to our submission messaging system, designed to streamline platform communication and boost efficiency for both researchers and companies on…
How to optimize your vulnerability management process
Effective vulnerability management is no longer just an IT concern; it’s a fundamental business imperative that affects every layer of an organization. The escalating frequency…
Introducing HackerOne Gateway Internal Network Testing: Superior Security for Internal Networks
Our Solution: Precision Internal Network Testing with Zero Trust Control We are excited to introduce Gateway Internal Network Testing (INT) as the latest enhancement to HackerOne Gateway, powered…
OAuth and PostMessage
Tl;DR; An OAuth misconfiguration was discovered in the redirect_uri parameter at the target’s OAuth IDP at https://app.target.com/oauth/authorize, which allowed attackers to control the path of…
Unlock enhanced API scanning with Burp Suite | Blog
Rob Samuels | 31 July 2024 at 12:17 UTC More comprehensive scans. More vulnerabilities identified. More time saved. Enhance your API scanning with Burp Suite.…
How a GraphQL Bug Resulted in Authentication Bypass
What Is an Authentication Bypass Vulnerability? An authentication bypass vulnerability is a weakness in a system that fails to protect against unauthenticated access, allowing an…
Once Again, Docker Addresses API Vulnerability
Summary A significant vulnerability (CVE-2024-41110) was recently discovered in Docker Engine version 18.09.1.Although the issue was identified and fixed in 2019, the patch did not…
Hidden XSS? No User Interaction!
@kinugawamasato가 정말 멋진 페이로드를 가지고 왔습니다. 최근 글 XSS Bypass: alert_?_(45)에서 이야기 드렸듯이 요즘 XSS 벡터에 대한 리서치가 활발해지고 있는데요, 드디어 Hidden XSS에서 사용자 인터렉션을…