#62

Client-side vs server-side bugs

A very interesting take on client-side vs server-side bugs by Shubs. He said a similar thing in my podcast interview with him which you can listen to here. https://twitter.com/infosec_au/status/1698322940159557987

Finding Vulnerabilities with MRVA CodeQL

Some time ago, CodeQL got an addition of MRVA which allows to run CodeQL queries on multiple repositories. I’ve been procrastinating running some queries for a long time but the author of this article - Maiky didn’t procrastinate and described the process of finding...

API Security Testing using AI in Postman

I am not a big fan of separating API testing from the rest of the web - to me it’s a part of the web. However, in this blogpost, Dana Epp described a methodology of testing the API in Postman, utilising its AI assistant. I must say it looks really good. I think...

Client-side JavaScript Instrumentation

If you have been reading this newsletter for some time, you know I’m a heavy user of the DOM Invader browser extension. It’s great although it doesn’t come without cons and I’m not 100% comfortable relying on it. Especially since it only works in the embedded browser....