Tag feed

#xss

152 posts24 followers

Trending tags this week

RRRoshni Rajaniroshnirajanii.hashnode.dev

XSS happens only in Open Source is a myth.

1d ago · 1 min read · XSS is a coding mistake — not an “open source” problem. It occurs whenever user input isn’t properly validated, sanitized, or encoded, whether the code is public, private, free, or paid. Think of a we

Join discussion

NBNishil Bhavenishilbhave.hashnode.dev

0

How Do You Secure an API? The 4-Layer Framework That Actually Works

5d ago · 13 min read · How Do You Secure an API? The 4-Layer Framework That Actually Works APIs are the backbone of every modern application — and the most common entry point for attackers. Most developers bolt security on as an afterthought: one middleware, one config fla...

Join discussion

EEEmma Engströmpentesting-dvwa.hashnode.dev

0

DOM-Based XSS in DVWA

5d ago · 14 min read · Introduction This post examines a DOM-based cross-site scripting (XSS) vulnerability in the Damn Vulnerable Web Application (DVWA) and demonstrates how it can be exploited to achieve client-side code

Join discussion

MBMokshan Basurumokshan.hashnode.dev

0

Bypassing safeMode: A Journey from JSONP to Stored XSS

Mar 26 · 4 min read · In modern web security, we often rely on client-side flags to toggle security features. But.... If attacker can reach into the global window object and flip those switches what happens? In this post,

Join discussion

HNHabib Najibullahhabib0x.com

0

Weaponizing MCP: From Chat Tool to Cloud Breach

Mar 26 · 17 min read · How MCP Works (and Why It's a Big Attack Surface) MCP (Model Context Protocol) is a standard created by Anthropic for connecting AI models to external tools and data. Think of it as a universal plug s

Join discussion

EEEmma Engströmpentesting-dvwa.hashnode.dev

0

Stored XSS in DVWA

Mar 25 · 12 min read · Introduction This post examines a Stored Cross-Site Scripting (XSS) vulnerability in the Damn Vulnerable Web Application (DVWA), and demonstrates how it can be used to achieve persistent client-side c

Join discussion

Ttheblxckcicadablog.ovawatch.co.za

0

My First High-Severity Bug: Chaining Open Redirect and DOM XSS into Account Takeover

Mar 21 · 2 min read · This was my first ever valid bug bounty report through a VDP, and it got marked High severity. It was also not a duplicate, so for me this was a huge win. One thing I had heard a lot in bug bounty is

Join discussion

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.dev

0

CSP Bypass in DVWA

Mar 14 · 13 min read · 1 Introduction In this post, the Content Security Policy (CSP) Bypass vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to bypass the

Join discussion

MCMohamed Chadlyn1ghtm4r3.hashnode.dev

0

Payment Page XSS: Bypassing Strict Sanitization through URI Structure

Mar 3 · 5 min read · Sometimes, the best lessons in web development and security come from staring at a seemingly bulletproof application until its underlying mechanics finally crack. We had been deep in the trenches with

Join discussion

FKFrank Kelechi Ogefrankoge.com

0

The Two Bugs That Kill Startups: A Deep Dive into XSS and CSRF

Feb 15 · 2 min read · You can have the cleanest React code, the fastest API, and the most beautiful UI. But if I can inject a script into your search bar that steals your users' session cookies, your startup is dead. Security is not an "add-on." It is a fundamental requi...

Join discussion

#xss

Search Hashnode

#xss

Trending tags this week

XSS happens only in Open Source is a myth.

How Do You Secure an API? The 4-Layer Framework That Actually Works

DOM-Based XSS in DVWA

Bypassing safeMode: A Journey from JSONP to Stored XSS

Weaponizing MCP: From Chat Tool to Cloud Breach

Stored XSS in DVWA

My First High-Severity Bug: Chaining Open Redirect and DOM XSS into Account Takeover

CSP Bypass in DVWA

Payment Page XSS: Bypassing Strict Sanitization through URI Structure

The Two Bugs That Kill Startups: A Deep Dive into XSS and CSRF