Using Hackability to uncover a Chrome infoleak
I’ve been hacking browsers for over 15 years and one of the challenges I set myself was to find a SOP bypass or info leak in every major browser. Chrome was the last browser standing…until now. Thi...
Countless applications rely on Amazon Web Services’ Simple Notification Service for application-to-application communication such as webhooks and callbacks. To verify the authenticity of these mess...
First defined in 1998, the iCalendar standard remains ubiquitous in enterprise software. However, it did not account for modern security concerns and allowed vendors to create proprietary extension...
The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-acces...
James Kettle’s 2016 research was instrumental in raising awareness of the deleterious effects of CORS (Cross-Origin Resource Sharing) misconfiguration on Web security. Does the story end there, tho...
Whilst testing for XSS vectors, we found some new ways of framing a web site that don’t use the iframe element. Naturally, we’ve updated our XSS cheat sheet to document them. We discovered that Chr...
The HTML Sanitizer is a great new API that allows web developers to filter untrusted HTML natively in the browser rather than use a JavaScript library such as DOM Purify. Microsoft created a simila...
We recently launched a new version of DOM Invader that can find Client-Side Prototype Pollution (CSPP). If you’re not already familiar with Client-Side Prototype Pollution, check out the post above...
TL;DR when money is involved, things can get ugly. Your best bet is to be clear about the terms up-front and stick to the 50/50 rule. Don't share information with people you don't have the privileg...