Tag feed

#websecurity

368 posts35 followers

Trending tags this week

Biohazard (CTF Challenge - THM)

1d ago · 17 min read · Introduction Welcome to Biohazard room, a puzzle-style CTF. Collecting the item, solving the puzzle and escaping the nightmare is your top priority. Can you survive until the end? If you have any ques

Join discussion

MBMokshan Basurumokshan.hashnode.dev

0

Bypassing safeMode: A Journey from JSONP to Stored XSS

Mar 26 · 4 min read · In modern web security, we often rely on client-side flags to toggle security features. But.... If attacker can reach into the global window object and flip those switches what happens? In this post,

Join discussion

SCShaishab Chandra Shilshaishab316.hashnode.dev

0

CSRF token to protect cookies

Mar 15 · 4 min read · If you're storing session data or auth tokens in cookies, you're already one step ahead of localStorage. But cookies come with a well-known vulnerability — Cross-Site Request Forgery (CSRF). In this p

Join discussion

JJebitoksharonjebitok.com

0

SQL Injection - CWE 89 (YesWeHack Dojo)

Mar 14 · 7 min read · Introduction SQL injection has been on the OWASP Top 10 for years — not because developers don't know about it, but because unsanitized user input keeps finding its way into database queries. CWE-89 (

Join discussion

JJebitoksharonjebitok.com

0

SSTI (TryHackMe)

Mar 14 · 11 min read · Server-Side Template Injection (SSTI) is one of those vulnerabilities that looks deceptively simple on the surface but can escalate to full remote code execution faster than most people expect. In thi

Join discussion

JJebitoksharonjebitok.com

0

Love Letter Locker (TryHackMe) - IDOR

Mar 5 · 6 min read · Lover Letter Locker is a Valentine's-themed web application that allows users to create and store love letters. The challenge description hints at privacy concerns with "For your eyes only?" - suggest

Join discussion

CSCyenetic Solutions Ltdcyenetic.hashnode.dev

0

The no. 1 OWASP Web Security Risk in 2025-2026: How Broken Access Control Can Destroy Your Business & Revenue (And How to Stop It)

Feb 24 · 4 min read · As a Business Owner, you probably don't spend your days thinking about code vulnerabilities. You're focused on growth, customers, revenue, and staying ahead of competitors. ![Image](data:image/png;bas

Join discussion

JJebitoksharonjebitok.com

0

TryHeartMe (TryHackMe CTF Writeup)

Feb 20 · 6 min read · TryHeartMe is an e-commerce/web exploitation Challenge that was part of the Love at First Breach 2026, red team beginner’s CTF. It covers JWT token manipulation using the "none" algorithm attack to by

Join discussion

JJebitoksharonjebitok.com

0

Hidden Deep Into my Heart - Information Disclosure (TryHackMe)

Feb 20 · 4 min read · Hidden Deep Into My Heart is a web application information disclosure Challenge that was part of the Love at First Breach 2026, red team beginner’s CTF. It covers: web enumeration broken authenticat

Join discussion

JJebitoksharonjebitok.com

0

JavaScript: Simple Demo (TryHackMe)

Feb 17 · 17 min read · JavaScript: Simple Demo is a pre-security room by TryHackMe that allows beginners to learn the fundamentals of JavaScript, a programming language mostly used in the development of web applications, which security professionals commonly interact with ...

Join discussion

#websecurity

Search Hashnode

#websecurity

Trending tags this week

Biohazard (CTF Challenge - THM)

Bypassing safeMode: A Journey from JSONP to Stored XSS

CSRF token to protect cookies

SQL Injection - CWE 89 (YesWeHack Dojo)

SSTI (TryHackMe)

Love Letter Locker (TryHackMe) - IDOR

The no. 1 OWASP Web Security Risk in 2025-2026: How Broken Access Control Can Destroy Your Business & Revenue (And How to Stop It)

TryHeartMe (TryHackMe CTF Writeup)

Hidden Deep Into my Heart - Information Disclosure (TryHackMe)

JavaScript: Simple Demo (TryHackMe)