#57

DevTools #1 – Elements, Console and Network tabs

Browser Devtools is an amazingly powerful set of tools that can help you massively with finding client-side bugs and even make finding some server-side bugs easier. However, using devtools isn’t easy, especially since there are tons of functionalities for developers...

How to choose a security research topic?

Incredibly, James Kettle produces novel web security research every single year. I have huge respect for him! And I, probably like you, sometimes have thoughts about spending some time off my targets to instead invest some time into developing new techniques. But...

LLM OWASP TOP 10

I think OWASP TOP 10 lists are great resources for developers. They have a single resource that can give them a sufficient amount of information to be at least somewhat aware of what risks are present. It’s also good when you are just getting familiar with a new area of...

Abusing Client-Side Desync on Werkzeug

The client-side desync bug class has been somewhat forgotten since its release one year ago. But it’s back in a great blogpost by Kevin Mizu. I liked how he also described the process of weaponizing the bug, which included finding an open redirect....

Hacking Salesforce-backed WebApps

I know for a fact that Salesforce is properly complex and hard to secure. On the other hand, however, you need to know a lot of Salesforce-specific things to hack it well. From this blogpost, you can learn how IDs are created, why they are not as random as they look,...

Portswigger GraphQL labs

Portswigger labs are the best practical resource for learning the basics of web security. Period. They have now released an article and 5 labs about GraphQL, so if that’s something you want to improve at, make sure to give it a try!...