Joy Mukherjee (codegeeks.hashnode.dev), 13 hours ago: "9 Common Security Vulnerabilities in Web Applications"
Web applications have become integral to our daily lives, facilitating everything from online shopping to social interactions. However, the increasing complexity of web apps also brings a higher risk of security vulnerabilities. Cyberattacks can resu...
Tag: websecurity

Panagiotis Vasilikos (securingbits.com), Sep 27, 2023: "Finding Credentials in A Dev's Machine"
Discovering credentials on a developer's machine is like stumbling upon a goldmine 🧈. Here are eight crucial locations on a Unix-type machine where credentials can be found 👇.
Tag: #cybersecurity

Panagiotis Vasilikos (securingbits.com), Sep 20, 2023: "GitHub RepoJacking"
Have you heard of GitHub RepoJacking? 💀 Ilay Goldman (@goldmanilay) and Yakir Kadkoda (@YakirKad) from the Aqua Security Team have discovered 37k vulnerable repositories that are at risk of RepoJacking, posing a significant threat to organizations.
Tag: Application Security

Requestly for Requestly (requestly.hashnode.dev), Sep 20, 2023: "How to Use Session Recording To Debug Faster"
Session recording refers to the process of capturing and recording the interactions and activities of users on a website or web application. This recording typically includes the actions users take, such as clicking buttons, filling out forms, naviga...
Tag: Bugs and Errors

Hacktus (hacktus.hashnode.dev), Sep 18, 2023: "OAuth Misconfiguration Leading to Unauthorized Admin Access For All Org Products"
TL;DR ? I signed up using any unclaimed email on application_2 (e.g., victim@example.com) due to no email verification, then logged into the victim's account on application_1 using the SSO feature that allowed me to log in using application_2. Introd...
Tag: penetration testing

h0neyp0t (beesploit.hashnode.dev), Sep 14, 2023: "The HTTP Protocol Made Easy"
Introduction Hello, 1337 h4xxors, I recently started the Certified Bug Bounty Hunter course from HackTheBox for a simple reason: I'm lame at Web Hacking 🫥 This has made me want to write more blog posts about what I've learned. This will also help me...
Tags: Web Hacking, http

Panagiotis Vasilikos (securingbits.com), Sep 13, 2023: "Web Cache Deception Attack"
Have you heard of the Web Cache Deception Attack? 💀 This technique involves malicious actors exploiting caching mechanisms to deceive the cache system, which can result in unauthorized access or data manipulation.
Tag: bugbounty

Akbar Khan for BreachForce (breachforce.net), Sep 10, 2023: "Google Dorking"
What is a Google Dork? Google Dorking is also known as "Google hacking." Google Dorking or Google hacking refers to using Google search techniques to hack into vulnerable sites or search for information that is not available in public search results....
Tag: reconnaissance

Panagiotis Vasilikos (securingbits.com), Sep 6, 2023: "HTTP Response Headers: Usage and Security Abuse"
HTTP Response Headers: Usage 🛠 and Security Abuse ☠. Those complement the HTTP Request Headers we saw last week :)
Tag: websecurity

Dwayne McDaniel for GitGuardian (gitguardian.hashnode.dev), Aug 31, 2023: "Researcher finds GitHub admin credentials of car company thanks to misconfiguration"
On August 21, 2023, security researcher and HackerOne Advisory Board Member Corben Leo announced on social media that he had "hacked a car company" and went on to post a thread explaining how he "gained access to hundreds of their codebases." Corben...
Tag: GitHub