
So let’s make the assumption you’re in tech already and want to change streams to cyber. Where do you begin?

Bharat Dwarkani shared on Mar 15, 2020
towardsdatascience.com

The Mozilla Observatory has helped over 170,000 websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely.

Bharat Dwarkani shared on Mar 12, 2020
observatory.mozilla.org

JSON web tokens are a type of access token that is widely used in commercial applications. They are based on the JSON format and include a token signature to ensure the integrity of the token. Today, we are going to talk about the security implications of using JSON web tokens (and signature-based tokens in general), and how they can be exploited by attackers to bypass access control.

Bharat Dwarkani shared on Mar 12, 2020
link.medium.com

Downing Servers With Evil Regular Expressions: Regex is everywhere on the Internet nowadays. But can regex also lead to vulnerabilities? Today, let’s explore how attackers can exploit poorly…

Bharat Dwarkani shared on Mar 12, 2020
link.medium.com

As a company grows, it becomes increasingly difficult to secure the hundreds and thousands of machines on the network. Often, all an attacker needs to compromise a network is a single bug on a public-facing machine! Today, we will talk about a common vulnerability on the network perimeter…

Bharat Dwarkani shared on Mar 12, 2020
link.medium.com

31-days-of-API-Security-Tips

Bharat Dwarkani shared on Feb 05, 2020
github.com

Effortlessly finding Cross Site Script Inclusion (XSSI) & JSONP for bug bounty

Bharat Dwarkani shared on Feb 05, 2020
medium.com

Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.

Bharat Dwarkani shared on Jan 29, 2020
owasp.org

innerHTML is a JavaScript property used for DOM manipulation. More specifically, it "sets or returns the HTML content (the inner HTML) of an element." Ordinarily, this property is used to examine the current HTML source of the page, including any changes that have been made since the page was initially loaded. But it can also be used for Cross-site Scripting (XSS).

Bharat Dwarkani shared on Jan 26, 2020
dev.to

A JavaScript Polyglot is a Cross Site Scripting (XSS) vector that is executable within various injection contexts in its raw form, or a piece of code that can be executed in multiple contexts in the application. So, a JavaScript polyglot can be multiple things at once, like a JavaScript/JPEG

Bharat Dwarkani shared on Jan 26, 2020
dev.to