web 38
- Top 10 web hacking techniques of 2024
- Top 10 web hacking techniques of 2024: nominations open
- [HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix
- 🍯 Bee-side 201 - Web Security Patterns, AI Integration & Growth Hacking Strategies
- [HackerNotes Ep.99] Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty
- 👩💻IW Weekly #134: Javascript Vulnerabilities, Microsoft ServiceNow Hacked, Recon Framework, Powershell on Web, Zendesk Vulnerability, Filtering Hostnames and many more…
- 👩💻IW Weekly #131: ROP For Security Bypass, Ruby Class Pollution, Mobile Hacking, Reverse Engineering, Hacking Websites With ZIP Files and many more…
- 👩💻IW Weekly #125: AWS ALBeast Vulnerability, SSRF Bug In Microsoft’s Copilot Studio, Cache Misconfiguration Exploit, Web Caching, DEF CON 32, Game Hacking, and many more…
- 👩💻IW Weekly #123: Web Timing Attacks, Confusion Attacks, LUCI AuthDB Leak, LHEs vs Pwn2Owns, Reverse Engineering 101 and many more…
- Gotta cache 'em all: bending the rules of web cache exploitation
- Listen to the whispers: web timing attacks that actually work
- onwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet
- Introducing SignSaboteur: forge signed web tokens with ease
- Testing static websites and uncovering hidden security vulnerabilities
- 👩💻IW Weekly #98: Image to RCE, MySQL Server Access, Hacking College Website, RCE on Apple’s Production Server, Web-Cache Deception Vulnerability, Github Code Search, SSRF on Vercel and many more…
- Top 10 web hacking techniques of 2023
- 👩💻IW Weekly #95: From Rook to XSS, CVE-2023-5480, Response Manipulation to Privilege Escalation, Top 10 Web Hacking Techniques for 2023, Unicode Escape Handling in Java and many more…
- Top 10 web hacking techniques of 2023 - nominations open
- Blind CSS Exfiltration: exfiltrate unknown web pages
- 👩💻IW Weekly #80: Broken Access Control, XSS Basics, GraphQL Introspection Query, RCE Vulnerabilities, XSS Challenge, Scanners for Web Security Research and many more…
- How to build custom scanners for web security research automation
- 👩💻IW Weekly #77: Azure AD privilege escalation, CVE-2022-3910, Web Cache deception attack, GraphQL enumeration techniques, IDOR and many more…
- 👩💻IW Weekly #76: Android Native Libraries, Proton Mail’s Security, Source Code & Secrets exposed on Top Websites, Zero Click Mass ATO, CSP Protection Bypass on Google, Hacking Online Casino and many more…
- Smashing the state machine: the true potential of web race conditions
- 👩💻IW Weekly #66: Citrix Gateway-XSS, Web cache Deception, DNS Analyzer, ATO to XSS in GraphQL API, AWS S3 Bucket Leaks, $250K Coinbase API Hack and many more…
- Top 10 web hacking techniques of 2022
- Top 10 web hacking techniques of 2022 - nominations open
- Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
- Detecting web message misconfigurations for cross-domain credential theft
- Safari is hot-linking images to semi-random websites
- Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library
- Existence oracle for Secure cookies on insecure Web origins
- Top 10 web hacking techniques of 2021
- Top 10 web hacking techniques of 2021 - nominations open
- GoSpider – Hacker Tools: Enumerate the web! 👩💻
- Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps
- A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell