White Box Web Application Testing for Pentesters and Bug Bounty Hunters

White box web application penetration testing is one of my favorite things to do in the security world. If you’re new to this, “white box” means you have access to the source code of the application you’re testing. Keep in mind that the vast majority of what I will discuss in this post actually applies

Microsoft OAuth Open Redirect

What is an open redirect? Open redirects are a web application vulnerability that allows an attacker to redirect a user to a malicious website. It can also be used to phish a user’s credentials, deliver malware, and sometimes perform XSS. An oft used example is as follows: Upon clicking this link, a victim is redirected