#35

Twitch Internal Security Tools

As you may have heard, some time ago Twitch had a massive leak of its source code. It included a lot of their internal tools. Mazin Ahmed took on the challenge to analyse all 129 security tools that are present in the leak....

An undervalued Burp extension with enormous possibilities

Probably not many of you know about a Burp extension called Piper. It’s a tool that allows you to pipe requests and responses from Burp into any terminal tool and show the output inside Burp. For example, you can make it automatically pipe any JSON request/response into...

Learning GraphQL #3 – subscriptions

Welcome to another lesson of the Learning GraphQL course! It’s a series where I develop an application with GraphQL so that you and I understand it better. I also point out anything that stands out to me from the security standpoint - unclear docs, recommendations or...

Burp’s comparer inside repeater

Diff Last Response is an experimental Burp extension which is kind of like having a comparer built into the repeater: it shows you what has changed in the response between the last 2 requests. It looks a bit odd because of the background colour and the font...

Mass assignment vulnerabilities

Mass assignment is an authorization-related vulnerability class. It’s actually quite an easy one to understand and also to quickly search for in a big codebase.

Mass assignment example

Let’s start with an example. A developer wants to create an endpoint to register a...