In Part 1 of the CSP series, we explored how CSP plays a major role in mitigating XSS and clickjacking attacks. Now that you're familiar with the basics of setting up a CSP and its importance, let's take it one step further. Today, we'll dive into two powerful CSP techniques: nonces and hashes. These allow us to safely run specific inline scripts…
Content Security Policy (CSP) is a powerful browser mechanism designed to prevent and mitigate common web vulnerabilities such as Cross-Site Scripting (XSS) and Clickjacking. CSP allows developers to specify which sources of content are trusted by the application. This guide will walk you through how CSP works, and how to use it to protect against Clickjacking with frame-ancestors. Real-world examples and practical…
Welcome to Part 2 of the CSRF series!While spotting CSRF vulnerabilities during testing or bug bounties is often straightforward, have you ever paused to think about what really happens behind the scenes when implementing mitigations? In Part 1, we explored the fundamentals of Cross-Site Request Forgery (CSRF), why it's dangerous, and how browsers now defend against it using mechanisms like SameSite cookies…
In the fast-moving world of web applications, caching plays a pivotal role in ensuring quick and efficient content delivery. However, as with most technologies, it comes with its own set of vulnerabilities. One of the most insidious threats in this realm is cache poisoning. This subtle yet powerful attack can manipulate what users see, disrupt functionality, and lead to severe security and…
The post is a walkthrough on how to configure ssl on linux instances. This can also be helpful when exploiting CORS.
Read about an interesting scenario of IDOR that allowed to me view private user information and also delete publicly available list.
The post disccuss around the basics of OAUTH and how to hunt for OAUTH vulnerabilities like leaking tokens, abusing redirect URI, absense of state parameter.
The post talks about an interesting find of XSS even when the filter was used. It also covers the mistakes that a developer makes while sanitizing input.
The post covers various techniques by which sensitive data can be exfilterated using out of band interaction in XXE
XXE remains amongst the one with a critical score on the severity perspective. Why? Being able to read server's sensitive files is where the victim can be fully compromised.
Doctor is an easy linux machine from hackthebox. The initial foothold exploits SSTI/XSS and with splunkd you get the privilege escalation
End-users constantly make GET or POST request to the internet to retrieve information. The most common protocol used here is HTTP/S. But this communication is not just about making requests. It needs to be meaningful when sent from client to server or vice-versa. Here’s when HTTP header comes in. With headers, client/server can send additional information with HTTP request. In this blog…
Deploy django web applications for free on pythonanywhere. Also solve the hassle of storing static files.