I am a Web Application Security Consultant and Pen Tester. I'm currently part of the AppSec team at Maglan - Accenture Security. All Views are my Own.
Nothing here yet.
Jan 9, 2023 · 8 min read · The process of finding SQL injection vulnerabilities involves identifying user data entry, tampering with the data sent to the application, and identifying changes in the results returned by the server. You have to keep in mind that tampering with th...
Join discussion
Jul 7, 2022 · 9 min read · This past week I had the opportunity to test a file upload feature which only allowed pdf files to be uploaded. I tried to bypass the filter by appending a second filetype to the filename test.pdf.svg But I still received an error. After some trial a...
Join discussion
Jul 6, 2022 · 4 min read · Disclaimer: The content of my articles is truly the hard work of researchers in the field who have put the time and energy to discover these great attack vectors. Im only gathering the materials they have written and presenting it in a manner that I ...
Join discussion
Jul 5, 2022 · 6 min read · Pre-Conditions Portions of this article have been copied from Portswigger Academy. There are many other tips and bypasses that have been added from other resources to help aid bug hunters and pentesters. For a CSRF attack to be possible, three key ...
Join discussion
Jul 4, 2022 · 7 min read · Introduction Server Side Request Forgery can technically be viewed as an Authorization issue as you are manipulating the server to make requests on your behalf. Often the server will have authorization to resources you don't have (Think http://localh...
Join discussion
