
One night I was sitting and decided to look at the security of Uber infrastructure, launched a scanner, and my eye caught on the host data-07.uberinternal.com. I charged nmap, and port 9000 was found. It was an obscure web service - Portainer.

Bharat Dwarkani shared on May 25, 2020
link.medium.com

HTML injection is an attack very similar to Cross-site Scripting (XSS). Whereas in XSS the attacker can inject and execute JavaScript code, an HTML injection attack allows only the injection of certain HTML tags.

Bharat Dwarkani shared on Apr 18, 2020
link.medium.com

The adoption of Unicode has also introduced a whole host of attack vectors onto the Internet. And today, let’s talk about some of these issues!

Bharat Dwarkani shared on Apr 12, 2020
link.medium.com

So let’s make the assumption you’re in tech already and want to change streams to cyber. Where do you begin?

Bharat Dwarkani shared on Mar 15, 2020
towardsdatascience.com

The Mozilla Observatory has helped over 170,000 websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely.

Bharat Dwarkani shared on Mar 12, 2020
observatory.mozilla.org

JSON web tokens are a type of access token widely used in commercial applications. They are based on the JSON format and include a token signature to ensure the integrity of the token. Today, we are going to talk about the security implications of using JSON web tokens (and signature-based tokens in general), and how they can be exploited by attackers to bypass access control.

Bharat Dwarkani shared on Mar 12, 2020
link.medium.com

Regex is everywhere on the Internet nowadays. Downing Servers With Evil Regular Expressions. But can regex also lead to vulnerabilities? Today, let’s explore how attackers can exploit poorly…

Bharat Dwarkani shared on Mar 12, 2020
link.medium.com

As a company grows, it becomes increasingly difficult to secure the hundreds and thousands of machines on the network. Often, all an attacker needs to compromise a network is a single bug on a public-facing machine! Today, we will talk about a common vulnerability on the network perimeter…

Bharat Dwarkani shared on Mar 12, 2020
link.medium.com

31-days-of-API-Security-Tips

Bharat Dwarkani shared on Feb 05, 2020
github.com

Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty

Bharat Dwarkani shared on Feb 05, 2020
medium.com