JJebitokinsharonjebitok.com·2d ago · 61 min readThreat Modeling for Pentesters (THM)Link to the Pentest Methodologies and Reporting path in TryHackMe: Threat Modeling for Pentesters Introduction It is your first week at a security consultancy, and the team lead drops a 50-page scope 10
SKSreeram K Sincode-as-a-story.hashnode.dev·3d ago · 6 min readWhat is XSS (Cross-Site Scripting)?Story Time Imagine your office has a public notice board where anyone can walk up and pin messages like “Team lunch at 1 PM” and “Meeting moved to 3 PM”. Everyone trusts this board and whatever is wri00
SKSreeram K Sincode-as-a-story.hashnode.dev·3d ago · 6 min readCORS vs CSP vs CSRF vs XSS — Differences Every Developer Must UnderstandCORS, CSP, CSRF, XSS : They all sound similar, they all show up when something breaks in your frontend or backend and they all somehow feel like “security things.” So it’s natural to assume “Aren’t th00
JJebitokinsharonjebitok.com·Jun 4 · 24 min readXSS Introduction (TryHackMe)Link to the Walkthrough/Challenge on TryHackMe: XSS Introduction Introduction Web applications power most business workflows, and Cross-Site Scripting (XSS) remains one of the easiest paths for attack00
BMBastien Mirlicourtoisinthelearningmachine.dev·Jun 4 · 16 min readWeb Security 101 — how attackers borrow your identity, and how to stop themI kept seeing the same advice. "Sanitize your inputs." "Set HttpOnly." "Add a CSRF token." I knew these mattered. I even knew how to apply them. But I couldn't have told you what I was actually defend01R
SRSatyam Rastogiinsatyamrastogi.hashnode.dev·Apr 25 · 6 min readZimbra XSS at Scale: Exploiting 10K+ Servers in Enterprise EmailOriginally published on satyamrastogi.com 10,000+ Zimbra Collaboration Suite instances vulnerable to active XSS exploitation. Attack chain enables session hijacking, credential theft, and lateral movement. Analysis of exploitation patterns and defen...00
SASolabi Abrahaminblessme.hashnode.dev·Apr 15 · 4 min readWhy Strict Input Validation on the Frontend Matters More Than You ThinkWhen building user-facing applications, it’s easy to treat frontend validation as a “nice-to-have”, something mainly for improving UX. But in reality, the frontend is your first line of defense agains00
PBPradip Bhattaraiinblog.pradeepbhattarai.me·Apr 13 · 8 min readIntigriti March 2026 XSS Challenge: Full WriteupInitial Reconnaissance The challenge presents itself as the "Intigriti Secure Search Portal", an interface with a search box and a "Report it to Admin" link. That report link is the classic signal: th00
Ttheblxckcicadainblog.ovawatch.co.za·Apr 10 · 2 min readMy First Bug Bounty: Chaining Open Redirect and DOM XSS into Account TakeoverThis was my first ever valid bug bounty report through a VDP, and it got marked Medium severity. It was also not a duplicate, so for me this was a huge win. One thing I had heard a lot in bug bounty i121A
RRRoshni Rajaniinroshnirajanii.hashnode.dev·Apr 2 · 1 min readXSS happens only in Open Source is a myth.XSS is a coding mistake — not an “open source” problem. It occurs whenever user input isn’t properly validated, sanitized, or encoded, whether the code is public, private, free, or paid. Think of a we00
