XSS Auditors – Abuses, Updates and Protection
IP Disclosure of Servers Behind WAFs Using WordPress XML-RPC
Frame Injection Attacks
SameSite Cookies by Default in Chrome 76 and Above
Content-Type and Status Code Leakage
Separating Subdomains From Third-Party Hosted WWW Domains
WordPress XSS Vulnerability Can Result in Remote Code Execution (RCE)
Application Security is Vital Throughout SDLC
Behind the Scenes of Onion Services
Transforming Self-XSS Into Exploitable XSS
The End of CoinHive and the Rise of Cryptojacking
Introducing the Security of Cookies Whitepaper
Sound Hijacking – Abusing Missing XFO
Brave Browser Sacrifices Security
Phishing by Open Graph Protocol
Remote Hardware Takeover via Vulnerable Admin Software
Cross Site Cookie Manipulation
CVSS: Characterizing and Scoring Vulnerabilities
Using Session Puzzling to Bypass Two-Factor Authentication
Clickjacking Attack on Facebook: How a Tiny Attribute Can Save the Corporation
The Importance of the Content-Type Header in HTTP Requests
Tabnabbing Protection Bypass
Fragmented SQL Injection Attacks – The Solution
Exposing the Public IPs of Tor Services Through SSL Certificates
Web Browser Address Bar Spoofing
PHP Wrappers, Streams & Local File Intrusion (LFI)
The Dangers of Open Git Folders
NoScript Vulnerability in Tor Browser
Analyzing Impact of WWW Subdomain on Cookie Security
Final Nail in the Coffin of HTTP: Chrome 68 and SSL/TLS Implementation
What the Reddit Hack Teaches Us About Web Security
Leverage Browser Security Features to Secure Your Website