As you may have heard, some time ago Twitch had a massive leak of its source code. It included a lot of their internal tools. Mazin Ahmed took on the challenge to analyse all 129 security tools present in the leak....
#35
Real-world cache poisoning examples
I must admit that I don’t test or think about cache poisoning bugs. And I probably should. If you are like me, then join me in reading this article about some real-world cases of cache poisoning bugs....
Scraping the bottom of the CORS barrel (part 1)
jub0bs started a series of blogposts about CORS-related issues. I really like his work and I learn a lot about client-side issues from him. I’m going to closely follow the series to learn a lot of nuances about browsers’ and servers’ exploitable behaviours. Here’s the...
An undervalued Burp extension with enormous possibilities
Probably not many of you know about the Burp extension called Piper. It’s a tool that allows you to pipe requests and responses from Burp into any terminal tool and show the output inside Burp. For example, you can make it automatically pipe any JSON request/response into...
Why are there so many HTTP request smuggling false-positives?
I get a lot of questions about request smuggling false-positives. So I’m all the happier to see that PinkDraconian has made a video specifically about this problem, so I can redirect people there. So, if you’ve ever had this false-positive or you are curious what is the...
Learning GraphQL #3 – subscriptions
Welcome to another lesson of the Learning GraphQL course! It’s a series where I develop an application with GraphQL so that you and I understand it better. I also point out anything that stands out to me from the security standpoint - unclear docs, recommendations or...
Burp’s comparer inside repeater
Diff Last Response is an experimental Burp extension which is kinda like having Comparer built into Repeater - it shows you what has changed in the response between the last 2 requests. It looks a bit odd because of the background colour and the font...
Mass assignment vulnerabilities
Mass assignment is an authorization-related vulnerability class. It’s actually quite an easy one to understand and also quick to search for in a big codebase. Mass assignment example: Let’s start with an example. A developer wants to create an endpoint to register a...