Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

Tue, 03 Dec 2024

How bad is a missing Content-Type header?

Thu, 23 May 2024

APIs make XSS prevention a frontend job

Thu, 02 Feb 2023

Extracting data from insecure Elasticsearch templates

Thu, 12 Jan 2023

Analysis of the recent Oracle WebLogic Server remote code execution vulnerability

Fri, 20 Nov 2020

Cross-site Scripting in React Web Applications

Fri, 04 Sep 2020

Goodbye XSS Auditor

Wed, 04 Sep 2019

The Problem of String Concatenation and Format String Vulnerabilities

Thu, 27 Jun 2019

DNSFS: Is it possible to use DNS as a file system?

Tue, 08 Jan 2019

Discovering and hacking IoT devices using web-based attacks

Thu, 03 Jan 2019

Bypassing disabled system functions

Tue, 04 Dec 2018

Using Google bots as an attack vector

Thu, 08 Nov 2018