How to Find XSS | HackerOne
What Is XSS? XSS, short for Cross-Site Scripting, is a common type of vulnerability in web applications that executes arbitrary JavaScript in the victim’s browser.…
Category: Mix
IDOR: A complete guide to exploiting advanced IDOR vulnerabilities
IDOR —short for insecure direct object reference— vulnerabilities are one of the most commonly found web security vulnerabilities in modern web applications and APIs.It is…
Sales Development Representatives Win as a Team
In the following interview, Jessica discusses how she embodies HackerOne’s Win as a Team company value to drive her team’s success. What does Win as…
My View on The State of US Politics
.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; } .bh__table_cell { padding: 5px; background-color: #FFFFFF; } .bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap:…
Celebrating International Women in Engineering Day
While there has been progress in increasing the number of women in engineering roles, the representation of women in this field remains relatively low, and retention…
CVE-2024-2080: ASUS warns customers
ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models.…
Community-driven PTaaS vs. Traditional Pentesting
Modern pentesting approaches use independent security researchers working under strict NDAs and advanced software platforms to streamline the process. However, with many vendors focusing on…
What You Need to Know and What the End of v3.2.1 Means for the Future of Digital Payments –
On March 31st, 2024, The Payments Card Industry Standards Security Council (PCI SSC) officially retired version 3.2.1 of the PCI Data Security Standard (PCI DSS)…
How Zerodium, BugTraq, and Fear contributed to the Rise of the Zero-Day Vulnerability Black Market –
Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s…
A List of My Hard-won Life Lessons
I’m working on my context.md file for my personal Digital Assistant, and one part of that will be my model.md file, which is basically life…
The Fast-Slow Problem
I’ve been obsessed lately with the concept of slow versus fast. I’m calling it the Fast-Slow Problem. It refers to the speed and amount of…
HackerOne’s Cloud Security Capabilities for AWS Customers
HackerOne provides security capabilities for AWS customers looking to improve security in their cloud applications. These include vulnerability pentests specific to AWS environments, an AWS…