Everyone’s heard of the OWASP Top 10 - the often-cited list of major threats that every web developer should be conscious of. But if you cast your gaze across pentest reports and bug bounty findings,
Intro The OAuth2 authorization protocol has been under fire for the past ten years. You’ve probably already heard about plenty of “return_uri” tricks, token leakages, CSRF-style attacks on clients,...
Introducing haktrails: a small CLI Golang client for querying SecurityTrails API data. The post Introducing Haktrails: A Small CLI Tool Harnessing the Power of SecurityTrails ap
Overall, I felt that the OSEP was worth the price of admission given the sheer amount of content it throws at you, as well as the excellent labs that will solidify your learning-by-doing. Here’s my...
My third guest post on Honeybadger’s blog, entitled Subdomain Takeover: Ignore This Vulnerability at Your Peril has just been published!
Late last year, I was invited to Facebook’s Bountycon event, which is an invitation-only application security conference with a live-hacking segment. Although participants could submit vulnerabilit...
In this post, I dissect a common misconception about the SameSite cookie attribute and I explore its potential impact on Web security. TL;DR ¶ The SameSite cookie attribute is not well understood. ...
<p>You can find this blog post on Assetnote's blog.</p>
GovTech’s Cyber Security Group recently organised the STACK the Flags Cybersecurity Capture-the-Flag (CTF) competition from 4th to 6th December 2020. For the web domain, my team wanted to build cha...
GovTech’s Cyber Security Group recently organised the STACK the Flags Cybersecurity Capture-the-Flag (CTF) competition from 4th to 6th December 2020. For the web domain, my team wanted to build cha...