#60

Who should worry about prompt injections?

Prompt injection is a very new subject in security. If you, like me, don’t have all the time to dedicate to it, it’s quite hard to grasp all the possible insecure scenarios. But luckily, rez0, probably the most active AI hacker, published Prompt Injection Primer for...

XSS with script CSP bypass

This writeup shows a very interesting way of bypassing CSP: it exploits the fact that the nginx error page has no CSP, combined with the apis[.]google[.]com JSONP endpoint. In short, first, Kevin created an iframe with a non-existing path and then in the JSONP...

Unminify JS with AI

A few new code analysis tools have dropped recently. One of them is Humanify, used for un-minifying JavaScript code using AI. I think I don’t need to convince anyone about the usefulness of this. I’m interested to see how it deals with bigger files....

DevTools #4 – But where to actually set breakpoints?

This is the fourth and last issue of the series about using DevTools. After reading this, you will have all the tools needed to successfully work with JavaScript. Well, all apart from one. The most important one - the experience. Because I can’t give you that. But...