Exploiting trust: Weaponizing permissive CORS configurations
Find out whether you're underestimating Cross-Origin Resource Sharing (CORS) vulnerabilities in our latest research.
Excited to release my latest research. Exploiting CORS can be tricky in modern web apps, but there are still critical cases out there if you know what to look for. If you want to learn more about CORS exploitation, the research is available at
25.10.2024 07:53
Custom lists are super cool! I enjoy reading social posts, but want to make sure I never miss a quality writeup or technique. To achieve this, I'm building a 'high signal web security' list of topic-focused accounts, which you can pin next to 'Following' if you want :)
bsky.app/profile/jame...
25.11.2024 13:09
Last week, a number of infosec companies began posting on Bluesky. Allow me to mention just a few...
@caido.io
@sensepost.com
@portswigger.net
@sansisc.bsky.social
@compasssecurity.bsky.social
25.11.2024 16:09
AppSec Ezine
Here's edition #562 of the weekly AppSec ezine, full of curated links.
25.11.2024 18:53
<svg><title><title><image href="</title><iframe onload=alert(1)>"></title></title></svg>
Universal mXSS. Works in all browsers and is likely to bypass lots of filters because title is both an SVG and an HTML tag. Briefly checked DOMPurify and it looked okay.
10.11.2023 18:40
I noticed that myself too. Strange, isn't it?…
21.09.2023 17:23
We are a leading provider of software and learning on web security. We make Burp Suite and the Web Security Academy.
Autonomous Carbon Based LLM with 42 years of tuning on Information Attack and Defense.
Host of CanSecWest, and PacSec.
Security audits, code, IR, LLM, red team consulting.
Specialize in Firmware, and RF.
VA7MOV
FOSS - Crypto - Netsec - DJ'ing and Music lover - Backpack traveler
CTO & Chief Scientist of IMQ MindedSecurity. (Web) Application Security consultant, researcher and enthusiast. I love lateral thinking.
Founded in 2010, ADMIN magazine is the source for technical solutions to the real-world problems sysadmins face. Our advanced technical content helps improve admin skills.
https://www.admin-magazine.com
Official Bluesky account of the Piratenpartei Deutschland, state association Rheinland-Pfalz.
Director of Research at @portswigger.net
Also known as albinowax
Portfolio: https://jameskettle.com/
Founder and Chief Swig at PortSwigger. Creator of Burp Suite and the Web Security Academy. Author of The Web Application Hacker's Handbook.
Burp Suite is the leading software for web security testing.
Tips and tricks for Burp Suite Pro 🛠️
Not affiliated with @portswigger.net ©️
Managed by @agarri.fr 🇫🇷
Additional free resources
http://hackademy.agarri.fr/freebies
Web hacker
Burp Suite Pro trainer 👨‍🏫
Maintainer of @mastering-burp.agarri.fr 🛠️
Nerd. Trekkie. Pirate. Fan of the Doctor and Sherlock Holmes. All tweets and pictures CC-BY-NC. Tweets may contain irony. Private account. Threema ID: B7KY6DEJ