Leveraging an SSRF to leak a secret API key
A server-side request forgery (SSRF) is a type of vulnerability that consists in tricking a server into sending network requests to unintended hosts. In some cases (e.g. Scott Helme’s Security Head...
After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided to call it quits and do some chores. I needed to buy gifts for a friend's birthday an...
I recently stumbled upon a critical instance of broken-access control, and I thought its story would make for an interesting blogpost. I’ve deliberately omitted some details (e.g. irrelevant HTTP h...
While GraphQL promised greater flexibility and power over traditional REST APIs, GraphQL could potentially increase the attack surface for access control vulnerabilities. Developers should look out...
Nearly every one of the successful bug bounty hunters I’ve met seems to have one thing in common: they absolutely love what they do.
Rocket League gives out in-game “white hats” for your character to wear if you submit, what is deemed by them, to be a “severe security vulnerability”. Over the idle time provided by the ongoing pa...
Despite the increased adoption of Object-Relational Mapping (ORM) libraries and prepared SQL statements, SQL injections continue to turn up in modern applications. In real-world scenarios, research...
My first guest post on Honeybadger’s blog, entitled Plugging Git Leaks: Preventing and Fixing Information Exposure in Repositories has just been published!
While researching a bug bounty target, I came across a web application that processed a custom file type which was actually just a ZIP file that contains an XML that functions as a manifest. If han...
You can find this blog post on Assetnote's blog.