1d ago · 2 min read · This was my first ever valid bug bounty report through a VDP, and it got marked High severity. It was also not a duplicate, so for me this was a huge win. One thing I had heard a lot in bug bounty is
Mar 3 · 5 min read · Sometimes, the best lessons in web development and security come from staring at a seemingly bulletproof application until its underlying mechanics finally crack. We had been deep in the trenches with
Feb 15 · 2 min read · You can have the cleanest React code, the fastest API, and the most beautiful UI. But if I can inject a script into your search bar that steals your users' session cookies, your startup is dead. Security is not an "add-on." It is a fundamental requi...
Feb 12 · 9 min read · Why Input Sanitization Alone Is Insufficient Many development teams mistakenly believe that sanitizing user input at the application boundary provides complete XSS attack prevention. This approach fails because it assumes you can predict every possib...
Feb 12 · 9 min read · Why Traditional XSS Prevention Fails in Modern Applications Traditional XSS prevention relied heavily on server-side input sanitization and HTML entity encoding. This approach breaks down in 2025's application landscape for several critical reasons. ...
Feb 3 · 14 min read · AI is moving fast. Companies are racing to connect their services to AI assistants, shipping integrations as quickly as possible to stay ahead. But when speed is the priority, security often gets left behind. In this post, I'll show you what happens ...
Jan 27 · 3 min read · Beginner Tutorial - How to Get Verified on Binance Introduction Are you looking to enhance your trading experience on Binance? One way to do this is by getting verified on the platform. In this beginner tutorial, we will guide you through the steps t...
Jan 26 · 4 min read · Cross-Site Scripting (XSS) is a security vulnerability that allows an attacker to inject malicious client-side scripts (usually JavaScript) into web pages viewed by other users. Unlike CSRF (which targets the server by tricking it into accepting a re...
Jan 15 · 4 min read · When we develop applications in Oracle APEX, we usually focus on business logic, user experience, and performance. However, there is a critical aspect that is often overlooked until it is too late: secur...