Recently I was going through a number of Bug Bounty programs looking for one particular weakness. The weakness I was focusing on is called Open Redirect (or Insecure Redirect). The most common form of this is where a user tries to load a page which requires them to be logged in. On many websites this … Continue reading Bypassing XSS filters
Imagine if simply opening an email could result in the entire contents of your mailbox being stolen. That's exactly what was possible on this popular webmail client used by millions of email addresses around the world. Let me demonstrate what I found...
Cross-site scripting (XSS) is nothing new; it has been prevalent for as long as I have been a developer. In my experience, frameworks have reduced the amount we have to worry about protecting against certain attacks, as they often handle the escaping for you. However, this can give a false sense of security and … Continue reading Hibob hacked (ethically)
With malicious attacks on users forever on the rise, we must always ensure that we build our web applications in a secure manner. This is easier said than done when there are many common exploits that can be taken advantage of and when developers are rarely security experts themselves. Cross-Site Request Forgery is just one … Continue reading Cross-Site Request Forgery (CSRF) attacks in MVC and Web Forms