Mix

The Bug Hunter’s Methodology – Application Analysis | Jason Haddix

Cybernoz

March 29, 2023 1 min read

Share X / Twitter LinkedIn Reddit WhatsApp Email

The Bug Hunter’s Methodology – Application Analysis | Jason Haddix

Source link

Share X / Twitter LinkedIn Reddit WhatsApp Email

« Previous
API Report Shows 400% Increase in Attackers

Next »
Generative AI presents opportunities and challenges to UK schools

All Mix →

Mix

Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities

Table of Contents Intro Scope The state of the ViewState Server-side ViewState Client-side ViewState The attack on the ViewState The preconditions for a successful attack…

March 24, 2023 Cybernoz 8 min read

Mix

BugQuest 2026: 31 Days of Broken Access Control

In March 2026, we ran BugQuest, a 31-day campaign covering everything you need to know about finding and exploiting broken access control vulnerabilities. From understanding…

April 1, 2026 Cybernoz 4 min read

Mix

A Sad Outlook for Humanity

This doesn’t bode well. Here’s an interesting list of predictions from the study: The main drivers of religious affiliation to 2043 are immigration and secularization.…

April 12, 2025 Cybernoz 1 min read

Mix

GUEST BLOG: Vulnerability Disclosure Adoption In The Consumer IoT space Is Lagging, But What About Elsewhere?

There is a lot of focus, rightly so, on the consumer IoT space. We have had a lot of incidents in the past few years…

January 30, 2025 Cybernoz 3 min read

Mix

Hacker Herding – Bug Bounty Tips from Sky Betting & Gaming

UK-based Sky Betting & Gaming recently launched their own bug bounty program and shared some tips in a blog post: Hacker Herding – Ten Lessons…

May 28, 2023 Cybernoz 1 min read

Mix

[BugBounty] Decoding a $😱,000.00 htpasswd bounty

tldr; A Private Bug Bounty Program had a globally readable .htpasswd file. I cracked the DES hash, got access to development and staging environments and…

March 15, 2023 Cybernoz 3 min read

Latest Posts

Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered
Mozilla: Anthropic’s Mythos found 271 security vulnerabilities in Firefox 150
Semperis extends Purple Knight identity security assessment tool to US federal, defense GCC High environments
Industrial Defender partners with KYrON to boost OT resilience and NIS2 readiness in France
Fragmentation Defined 2025’s Threat Landscape. Here’s What It Means for 2026

Agbi
ArsTechnica
AttackDefense
Australiancybersecuritymagazine
Bankinfosecurity
Bleeping Computer
CISOOnline
CloudSecurity
ComputerWeekly
Crowdstrike
Cyber Security Ventures
CyberDefenseMagazine
CyberNews
Cyberscoop
CyberSecurity-Insiders
CyberSecurityDive
CyberSecurityNews
CyberWire
DarkReading
ExploitOne
GBHackers
Genel
HackerCombat
HackRead
HelpnetSecurity
IndustrialCyber
InfoSecurity
ITnews
ITSecurityGuru
Krebson
MalwareBytes
Mix
OTSecurity
PortSwigger
Rapid7
SCMP
securelist
Securityaffairs
SecurityWeek
techcrunch
TheCyberExpress
TheHackerNews
ThreatIntelligence-IncidentResponse
Tldrsec
Unit42
VendorResearch
welivesecurity
Wired
Zerosalarium

Related Articles