Collaborate Disseminate
Layered security mechanisms are forcefully promoted by industry standards such as PCI DSS and (briefly) the OWASP Top 10. In this post, I’ll argue that the blanket application of such an approach is both misguided and hazardous, by showing that sta… Continue reading When Security Features Collide
Burp Suite is privileged to serve as a platform for numerous extensions developed and shared by our community of users. These expand Burp’s capabilities in a range of intriguing ways. That said, many extensions were built to solve a very specific pro… Continue reading Adapting Burp Extensions for Tailored Pentesting
It’s well known that some websites are vulnerable to IP address spoofing because they trust a user-supplied HTTP header like X-Forwarded-For to accurately specify the visitor’s IP address. However, until recently there was no widely known reliable … Continue reading How I Accidentally Framed Myself for a Hacking Frenzy
@media all {
.page-break { display: none; }
}
Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been l… Continue reading Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface
Abstract
Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures – almost like an anti-virus. In this document, I’ll share the conception a… Continue reading Backslash Powered Scanning: Hunting Unknown Vulnerability Classes
Abstract
Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures – almost like an anti-virus. In this document, I’ll share the conception a… Continue reading Backslash Powered Scanning: Hunting Unknown Vulnerability Classes
(or CORS Misconfiguration Misconceptions)
This is a greatly condensed version of my AppSec USA talk. If you have time (or struggle to understand anything) I highly recommend checking out the slides and watching the video.
Cross-Origin Resource Sharin… Continue reading Exploiting CORS Misconfigurations for Bitcoins and Bounties
(or CORS Misconfiguration Misconceptions)
This is a greatly condensed version of my AppSec USA talk. If you have time (or struggle to understand anything) I highly recommend checking out the slides and watching the video.
Cross-Origin Resource Sha… Continue reading Exploiting CORS Misconfigurations for Bitcoins and Bounties
I was recently asked whether it was safe to store session tokens using Web Storage (sessionStorage/localStorage) instead of cookies. Upon googling this I found the top results nearly all assert that web storage is highly insecure relative to cookies, a… Continue reading Web Storage: the lesser evil for session tokens
I was recently asked whether it was safe to store session tokens using Web Storage (sessionStorage/localStorage) instead of cookies. Upon googling this I found the top results nearly all assert that web storage is highly insecure relative to cookies, a… Continue reading Web Storage: the lesser evil for session tokens