An introduction to CSPT, including some advances WAF bypass and exploitation techniques.

dangerouslySetInnerHTML is dangerous, and using it carelessly will create XSS vulnerabilities in your application. In this article, we discuss why the property is there, how you can use it, and how the Signal messenger misused it.

On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless…

Master programming by recreating your favorite technologies from scratch. - codecrafters-io/build-your-own-x

Web cache poisoning is a type of attack that targets the caching mechanisms used by web browsers, proxy servers, and other intermediaries to temporarily store and serve previously requested web content. The goal of a web cache poisoning attack is to trick…

CSP Bypasses in GitHub, GitLab Pipeline Criticals, Tips for Full-Time Bug Bounty, and a Browser Behavior Gadget with Johan Carls

Hi after going through all the Black Hat and DEFCON web security researches in 2024 , I noticed that the easiest way to break web apps is…

Portswigger just disclosed a report of mine over on HackerOne. It’s an unusual report in that the issue reported is purely a CSP bypass. I thought that I could provide a bit of context to the report to answer some questions raised in relation to it. First…

A story about an incredibly impactful XSS vulnerability I found using a client side template injection which was limited to 4 characters.

Find out whether you’re underestimating Cross-Origin Resource Sharing (CORS) vulnerabilities in our latest research.