#66

Web AppSec Interview Questions

If you are getting ready for a job interview and you need to prepare yourself for the questions, @0xTib3rius has your back. He published a list of 55 questions on his blog, along with answers. https://tib3rius.com/interview-questions There’s also a repo here with more...

New free SSRF testing tool

@bebiksior created a tool that allows you to test SSRFs really easily. You no longer have to code something yourself if you need to control the HTTP response when testing for SSRFs. And it’s free to use! https://twitter.com/bebiksior/status/1723797751958257786

CTTB – The OG Bug Bounty King – Frans Rosen

If you are not listening to the Critical Thinking Bug Bounty Podcast, you are missing out on tons of useful, intermediate to advanced bug bounty and web security tips. I do listen to every single episode. Recently, I played the one with Frans Rosen and, at times, it...

JS Monitoring implementation

I’ve been hearing about monitoring JS files for years now and I know that I should start doing it. Youssef Sammouda, Meta’s TOP1 hacker, told me in my podcast that he chooses his targets based on monitoring JS files. But I still never got to it. Some of the reasons...