OWASP Top Ten 2025
The OWASP Top Ten is one of the most influential security awareness documents in application security, published by the Open Worldwide Application Security Project (OWASP). It represents a community-driven ranking of the most critical risks facing web applications. The 2025...
Web Application Security: Common Vulnerabilities and How to Prevent Them
Web applications are at the core of modern business operations—from e-commerce and client portals to internal tools and SaaS platforms. But as reliance on web apps grows, so does the attack surface. According to the OWASP Foundation, most breaches today...
Web and Mobile Application Fuzzing Best Practices
If you’re reading this, you’ve probably used tools like Ffuf or Gobuster to fuzz an application to expand the attack surface and potentially find sensitive files and directories. Unfortunately, we here at Brackish find that a lot of testers are...
JavaScript Source Map Vulnerabilities
What is a JavaScript source map file? Source map files map the transformed, minified, or compiled code back to the original source code, and they can often be found exposed publicly in web applications. This is particularly useful for debugging...
White Box Web Application Testing for Pentesters and Bug Bounty Hunters
White box web application penetration testing is one of my favorite things to do in the security world. If you’re new to this, “white box” means you have access to the source code of the application you’re testing. Keep in...