JavaScript Source Map Vulnerabilities
What is a JavaScript source map file? Source map files map the transformed, minified, or compiled code back to the original source code, and they can often be found exposed publicly in web applications. This is particularly useful for debugging...
What is Blind XSS?
You may have heard of Reflected Cross Site Scripting (XSS) or Stored XSS, but what is Blind XSS? Unlike traditional XSS attacks, where the immediate impact is visible, Blind XSS vulnerabilities are typically triggered when the malicious input is viewed...
Software and Data Integrity Failures – OWASP Top Ten
Welcome to the final entry in our OWASP Top Ten Series – Software and Data Integrity Failures. If you haven’t read any of the previous ones, check them out. Among the OWASP Top Ten entries, Software and Data Integrity Failures...
White Box Web Application Testing for Pentesters and Bug Bounty Hunters
White box web application penetration testing is one of my favorite things to do in the security world. If you’re new to this, “white box” means you have access to the source code of the application you’re testing. Keep in...
OWASP Top Ten – Insecure Design
Insecure Design was a new entry when the latest version of the OWASP Top Ten was released in 2021. And really, what it gets at is a good lesson – Designing an application with security in mind can go a...
OWASP Top Ten – Broken Access Control
First things first, did you know that the OWASP acronym has changed from Open Web Application Security Project to Open Worldwide Application Security Project? Neither did we! But onto the real stuff. Today we have another entry in the OWASP...
Penetration Testing: White Box, Black Box, and Grey Box Testing
In this post, we’ll dive into the definitions and differences between white box, black box, and grey box testing so that you can better understand these essential techniques for securing your attack surface. But first, let’s get the basics right....
Certificate Pinning and Root Detection: Helpful but Not Unhackable
Introduction As mobile app developers, we are constantly striving to create secure and reliable applications for our users. To achieve this, we often employ various security measures such as certificate pinning and root detection. While these practices undoubtedly enhance the...
Insecure Direct Object Reference (IDOR) Vulnerabilities: Understanding, Exploiting, and Detecting
Introduction Insecure Direct Object Reference, or IDOR, is a common security vulnerability that exposes sensitive data and allows unauthorized access to resources. It is a critical issue that often appears in the OWASP Top Ten, a list of the most...
Reflected XSS: Differences and Relationship with Stored and DOM XSS
scripts into web pages viewed by users. In this blog post, we will explore the concept of reflected XSS, compare it with stored and DOM XSS, and discuss if reflected XSS can also be stored or DOM XSS. Reflected XSS:...