Multiple XSS Bugs: Real-World Lessons & Fixes
Reflected and stored XSS found in a real web app — the risk, business impact, and the secure fixes teams should apply.
Read on Medium →Blog
Real-world vulnerability write-ups from authorised testing and responsible disclosure — what was found, the business impact, and how to fix it.
Reflected and stored XSS found in a real web app — the risk, business impact, and the secure fixes teams should apply.
Read on Medium →Two HTML injection vulnerabilities discovered in AT&T's website URL parameters, the business impact, and how to prevent them.
Read on Medium →A reflected XSS found in BlackBerry's website, its business risk, and the defensive controls that shut it down.
Read on Medium →How an open-redirect flaw fuels phishing and brand damage — and how to stop it with validation and allowlists.
Read on Medium →Peer-reviewed book chapter on methodology for penetration testing cloud-hosted web applications.
Read on Springer →Ongoing hands-on practice in reconnaissance, exploitation and attack simulation through Hack The Box challenges.
View profile →Responsibly disclosed vulnerabilities through bug bounty programs on Bugcrowd and HackerOne.
View profile →