How to win arguments in bug bounty reports?

The biggest positive of bug bounty is that you can do it from anywhere in the world. You don't need a contract or anything. However, the other side of this coin is that you just have to trust the bug bounty program that they will do the right thing. Often, they...

Where to start AI hacking?

I’ll admit that I have a strange feeling of relief because of the current AI hype. I wanted to learn something new for a long time now. There was Web3 for a while but it didn’t convince me as a user. I saw the huge bounties, I saw the success of Gary V and I thought...

Hackers are Shifting Left, Too – Spaceraccoonsec

Shift left is the trend where developers introduce security checks as early as possible in the development lifecycle. Along with some other factors, it makes the software more secure. However, every time you introduce any component to the pipeline, you also introduce...

XSS attacks via Content sniffing

In short, content sniffing (MIME sniffing) is browser behaviour rather than a bug in itself: when a response arrives without a Content-Type header, the browser inspects the leading bytes of the body to guess its type, and if those bytes look like markup it renders the body as HTML. That behaviour can be exploited to smuggle XSS payloads in files uploaded as images, unless the server sets an explicit Content-Type and X-Content-Type-Options: nosniff. I was aware of this issue and had found a few XSS...
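To make the mechanism concrete, here is an added example that is not part of the original post: a simplified Python port of the HTML and image signature checks from the WHATWG MIME Sniffing Standard, applied to a constructed "image" upload served with and without Content-Type and nosniff headers. The sample bodies and header dictionaries are constructed for the example; the subset of signatures is an assumption (the real standard has more patterns), but the decision points it shows are the ones from the standard.

```python
"""
Added example (not from the original post): simplified MIME sniffing of an
untyped response, to show when an uploaded file is rendered as HTML.
"""

# Byte classes from the MIME Sniffing Standard.
WHITESPACE = b"\t\n\x0c\r "
TAG_TERMINATORS = b" >"
BINARY_BYTES = (bytes(range(0x00, 0x09)) + b"\x0b"
                + bytes(range(0x0e, 0x1b)) + bytes(range(0x1c, 0x20)))

# Tag names the standard treats as an HTML signature (case-insensitive),
# valid only at the start of the body after optional whitespace.
HTML_TAGS = [b"<!DOCTYPE HTML", b"<HTML", b"<HEAD", b"<SCRIPT", b"<IFRAME",
             b"<H1", b"<DIV", b"<FONT", b"<TABLE", b"<A", b"<STYLE",
             b"<TITLE", b"<B", b"<BODY", b"<BR", b"<P", b"<!--"]

# Subset of image signatures (assumption: enough for the demonstration).
IMAGE_SIGNATURES = [(b"GIF87a", "image/gif"), (b"GIF89a", "image/gif"),
                    (b"\x89PNG\r\n\x1a\n", "image/png"), (b"\xff\xd8\xff", "image/jpeg")]

# Content-Type values the standard treats the same as a missing header.
SNIFFABLE_TYPES = {"unknown/unknown", "application/unknown", "*/*"}


def sniff_unknown(body: bytes, sniff_scriptable: bool = True) -> str:
    """Guess a type for a body with no usable Content-Type.

    sniff_scriptable is False when nosniff is set: image signatures are still
    honoured, but the body is never promoted to text/html.
    """
    head = body[:1445]  # the standard inspects at most 1445 bytes
    if sniff_scriptable:
        i = 0
        while i < len(head) and head[i] in WHITESPACE:
            i += 1
        rest = head[i:]
        upper = rest.upper()
        for tag in HTML_TAGS:
            # Tag must be followed by a space or '>' to count as markup.
            if (upper.startswith(tag) and len(rest) > len(tag)
                    and rest[len(tag)] in TAG_TERMINATORS):
                return "text/html"
    for signature, mime in IMAGE_SIGNATURES:
        if head.startswith(signature):
            return mime
    if any(b in BINARY_BYTES for b in head):
        return "application/octet-stream"
    return "text/plain"


def effective_type(headers: dict, body: bytes) -> str:
    """Type a browser would act on, given response headers and body."""
    lowered = {k.lower(): v for k, v in headers.items()}
    nosniff = "nosniff" in lowered.get("x-content-type-options", "").lower()
    ctype = lowered.get("content-type")
    essence = ctype.split(";")[0].strip().lower() if ctype else None
    if essence is None or essence in SNIFFABLE_TYPES:
        return sniff_unknown(body, sniff_scriptable=not nosniff)
    return essence


def hardened_headers(mime: str) -> dict:
    """Headers that stop sniffing for a file served from an upload store."""
    return {"Content-Type": mime,
            "X-Content-Type-Options": "nosniff",
            "Content-Disposition": "attachment"}


# Constructed sample uploads: one is markup with an image extension, the other
# a real GIF header with markup appended after it.
FAKE_IMAGE = b"  <script>alert(document.domain)</script>"
GIF_POLYGLOT = b"GIF89a\x01\x00\x01\x00<script>alert(1)</script>"

if __name__ == "__main__":
    print(effective_type({}, FAKE_IMAGE))                     # text/html
    print(effective_type({}, GIF_POLYGLOT))                   # image/gif
    print(effective_type({"X-Content-Type-Options": "nosniff"}, FAKE_IMAGE))
    print(effective_type(hardened_headers("image/png"), FAKE_IMAGE))
```

Two things the run makes visible: the payload has to sit at the very start of the body (after at most whitespace) to pass the HTML check, and a body that begins with a genuine GIF signature is typed as image/gif even though markup follows, so magic-byte validation on upload and nosniff on download each close the hole on their own under the current standard.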

Good Web Security course for beginners

People often ask me for recommendations on a good introductory web security book or resource. While I learned from the legendary “Web Application Hacker's Handbook”, it was already out-of-date by 2017, so I hesitate to recommend it today. A course from Stanford...