Recently I was going through a number of Bug Bounty programs looking for one particular weakness. The weakness I was focusing on is called Open Redirect (or Insecure Redirect). The most common form of this is where a user tries to load a page which requires them to be logged in. On many websites this … Continue reading Bypassing XSS filters
Critical stored XSS vulnerabilities found in popular webmail client
Imagine if simply opening an email could result in the entire contents of your mailbox being stolen. That's exactly what was possible on this popular webmail client used by millions of email addresses around the world. Let me demonstrate what I found...
Hibob hacked (ethically)
Cross site scripting (XSS) is nothing new, it has been prevalent for as long as I have been a developer. In my experience, frameworks have reduced the amount we have to worry about protecting against certain attacks as they often handle the escaping for you. However this can give a false sense of security and … Continue reading Hibob hacked (ethically)
Cross-Site Request Forgery (CSRF) attacks in MVC and Web Forms
With malicious attacks on users forever on the rise we must always ensure that we build our web applications in a secure manner. This is easier said than done when there are many common exploits that can be taken advantage of and when developers are rarely security experts themselves. Cross-Site Request Forgery is just one … Continue reading Cross-Site Request Forgery (CSRF) attacks in MVC and Web Forms