XSS With Hoisting – Brute XSS
When dealing with JavaScript injection scenarios sometimes we might get into a difficult situation: the target page is not meant...
Read more →Category: Mix
h@cktivitycon – Pizza Time (Web 750)
HackerOne just ran the online h@cktivity con and with it was a CTF. I spent 15 hours solving the big...
Read more →
Introducing The Tech Leader Docs
A new resource for software development leaders by Victoria Drake. I’m launching a brand new paid newsletter on Substack focused...
Read more →
NahamCon 2021 – Introduction to Axiom – The Dynamic Infrastructure Framework for Everybody! @pry0cc
NahamCon 2021 – Introduction to Axiom – The Dynamic Infrastructure Framework for Everybody! @pry0cc Source link
Read more →
Bug Bounty and Other Inclusive Communities
In these strange times it’s important that we come together. A good way to find like-minded individuals is to join...
Read more →
RCE in Avaya Aura Device Services – Assetnote
For those who haven’t had the pleasure, Avaya Aura is a (rather complicated) platform for managing IP phones. Today we’re...
Read more →
Fastjson: exceptional deserialization vulnerabilities – Alphabot Security
Intro Many of you may never have heard of the Java based JSON serialization library called Fastjson, although it’s quite...
Read more →
The Top 5 Most Common Mobile App Security Flaws – allysonomalley.com
Whether you’re a pentester looking to gain some experience in mobile hacking or a developer aiming to build secure apps,...
Read more →
GitLab AMA – Bug Bounty with Alex Chapman
GitLab AMA – Bug Bounty with Alex Chapman Source link
Read more →
Deserialization in Perl v5.8 | Agarri : Sécurité informatique offensive
Deserialization in Perl v5.8 During a pentest, I found an application containing a form with a hidden parameter named “state”....
Read more →
Predictions for 2023 from Latest API Threat Research
March has arrived and is roaring like a very confused lion, at least in the northern hemisphere. And much like...
Read more →
Scanning for hardcoded secrets in source code | Security Simplified
Scanning for hardcoded secrets in source code | Security Simplified Source link
Read more →