Category: Mix
Emma Stocks | 03 July 2023 at 14:54 UTC Want to create customized scans without the hassle of learning advanced…
Summary URL query parameters are not adequately sanitised before they are placed into an HTTP Location header. An attacker can…
One of the targets we looked at late last year was Citrix Gateway. Citrix Gateway is another of these “all-in-one”…
Ollie Whitehouse | 29 June 2023 at 12:46 UTC Scripted scan checks in Burp Suite Professional are now a thing…
Customizable integrations for today’s security team Resolving vulnerabilities quickly depends on several factors, not least how effectively security and product…
Introduction In today’s digital landscape, ensuring the security and performance of web applications is paramount. To achieve optimal protection against…
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by…
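[*] Recently I had a case where I needed to test in a pivoting environment with MSF. The method itself is not difficult, so I just went ahead from muscle memory, but come to think of it, on the blog…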
In recent years there’s been a rise in “API Abuse” attacks, which includes detrimental automated behaviors such as malicious bots,…
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by…
Tom Shelton-Lefley | 20 June 2023 at 14:02 UTC There’s a running joke on the scanner development team; for the…
This post delves into a very impactful JWT Authentication Bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that…










