SQL Injection in 1 min!
A lot could go wrong on the internet! A clever attacker can with ease gather all the intelligence he/she needs in order to conduct a…
Like many organizations, AlienVault had set up a vulnerability disclosure policy for any bugs found on their website. If someone found a vulnerability, all they…
A lot can go wrong on the Internet and XSS is without a doubt one of the most common web security issues we see today. Without…
The European Commission has selected HackerOne as the platform for their first ever bug bounty program. This not only expands the number of government agencies…
Local File Inclusion is quite simply the act of including files that are stored on the web server you are interacting with. LFI’s twin, Remote…
New York City during the holidays. Magical. Bringing together hackers from around the world to legally hack the U.S. Air Force. Double the magic. On…
Johan Edholm and I (Fredrik Nordberg Almroth) had a talk a while back at HyperIsland, Stockholm (the 18th of October) for the DDS13 group. The purpose of the talk…
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…
Our co-founder and CTO, Alex Rice, was a recent guest on The Modern Security Series by Signal Sciences, along with Signal Sciences’ co-founder and CSO,…
Find out how our Security Researcher Frans Rosén hacked Facebook and found a stored XSS for which he received a bug bounty reward. I recently found…
If you were into social networks during the MySpace era, you might recall the Samy Worm of 2005. The worm spread through friend invitations, infecting…
Today’s updates fill the needs of many of you out there! You asked for it, and now it’s in the Detectify engine! Here’s a breakdown…