The voting has concluded, and we're thrilled to announce the top ten web hacking techniques of 2025! Massive thanks to everyone in the community for sharing their hard-earned discoveries, plus the panel and everyone who nominated or voted! portswigger.net/research/top...
05.02.2026 15:40 โ ๐ 10 ๐ 7 ๐ฌ 1 ๐ 0Some sites may use direct IP address today if their domain name servers were not with Cloudflare too! There is this opportunity for WAF bypass... please share it , sharing is caring... ๐ค
18.11.2025 14:06 โ ๐ 2 ๐ 0 ๐ฌ 0 ๐ 0happy cloudflare outage day to all who celebrate
18.11.2025 11:57 โ ๐ 1532 ๐ 389 ๐ฌ 24 ๐ 22With cloudflare being down, and as a result, most things I use being down, I came here to say hi ๐คญ I guess I will use other AIs than chatgpt today!
18.11.2025 13:23 โ ๐ 5 ๐ 1 ๐ฌ 0 ๐ 0Wouldn't this also be vulnerable to dns rebinding attacks?
02.07.2025 10:16 โ ๐ 1 ๐ 0 ๐ฌ 1 ๐ 0I only have one ticket! I am not the worst ๐คฃ
02.06.2025 17:37 โ ๐ 2 ๐ 0 ๐ฌ 0 ๐ 0You would have kept it if it was called activity logs ๐ฅน Probably an ego boost would be a better name for these activities though ๐ฅฒ
18.04.2025 22:55 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
These days, Iโm off work, busy taking care of a family member, so this really brightened my day and brought a big smile to my face. ๐ thanks @portswigger.net
08.04.2025 13:06 โ ๐ 11 ๐ 0 ๐ฌ 2 ๐ 0I wonder if burp itself can do something for jython extensions since it has access to the location of a jython jar file to share it with extensions. But even with that I need to see how jython can use montoya ๐ฅฒ
08.04.2025 13:04 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0Do we need to include the jython jar file in it? forum.portswigger.net/thread/are-j...
08.04.2025 07:23 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0I always thought jython cannot use montoya. Is this a hackvertor hack or it's been always possible?
07.04.2025 22:58 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0
Did you know? DC4420, the London monthly that graced central London for all of the 10s and before, has a new home and a new date!
Greene Man, 383 Euston Road, London, NW1 3AU
April 29
Be there.
www.eventbrite.co.uk/e/dc4420-apr... has details. you don't have to register.
#infosec #security
If you like hacking XML, this article is a gold mine! ๐ฑ
It includes parser discrepancies, round-trip attacks and my favorite, namespace confusion ๐คฉ
As always, also thanks to @albinowax and @PortSwigger for keeping the top 10 flame alive for another year!
04.02.2025 16:49 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
Congrats to all the winners (especially @orange.tw) and all researchers who made the 2024 long list! ๐ฅ Thanks for sharing your work with us! ๐ซก
To readers: Donโt just read the top 10โstart there and then explore the rest. There are many great works beyond the top 10, so donโt limit yourself! ๐ฆพ
This year two new security legends have joined the top-ten expert panel - @liveoverflow.bsky.social and @stokfredrik.bsky.social! Excited to see what analysis & insights they bring to the top ten alongside long-time contributors @agarri.fr and @irsdl.bsky.social
23.01.2025 12:37 โ ๐ 40 ๐ 5 ๐ฌ 1 ๐ 1
Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10...
15.01.2025 15:24 โ ๐ 24 ๐ 8 ๐ฌ 0 ๐ 7Please submit any interesting and especially new web/http related topic published in 2024
09.01.2025 08:13 โ ๐ 2 ๐ 1 ๐ฌ 0 ๐ 0You are right. Unfortunately it's a cruel one especially when there is no sponsor. Most researchers also just use it with not much contribution which is ok but sad.
24.12.2024 17:45 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
If you are using YSoSerial .Net, we have accepted a few PRs and patched several bugs & improved the ViewState plugin!
Merry Christmas ๐
github.com/pwntester/ys...
We are extending our call for papers to January 1, 2025!
We are now targeting an end of January release.
If you have any Linux/ELF related research, projects, or papers, we would love to publish them!
Huge thank you to everyone who has already submitted!
tmpout.sh/blog/vol4-cf...
It seems Bsides Birmingham is now happening:
www.bsidesbrum.com
CFP is also open! ๐
Currently at #BSidesLDN2024
@n1ckdunn.bsky.social
๐ฅ Get ready for the biggest #SecuriTay yet! ๐ฅ
๐ฆ 500 attendees
๐ฎ 2-day CTF
๐ค Multiple sponsors
๐
Happening 28 | 02 | 2025 - First ticket drop coming soon! ๐
More details at securi-tay.co.uk
Extended the starter with shy writers! ๐ If you're not on the list but write about web security, then feel free to reply with the article you're most proud of, and I will add you to the pack!
Make sure to resubscribe to not not miss on the amazing ๐research!
go.bsky.app/9JXnB17
๐
27.11.2024 09:49 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0I've released 'brainstorm': an alternative way to do web fuzzing combining my fav fuzzing tool 'ffuf' (from @joohoi.bsky.social )with local LLMs (via Ollama API) to generate smarter filename tests. It usually finds more endpoints with fewer requests. Added a IIS shortname support @irsdl.bsky.social
26.11.2024 08:57 โ ๐ 39 ๐ 9 ๐ฌ 5 ๐ 0
The "bug bounty hunters and content creators" starter pack is now up to 60 users! Follow this to get instantly connected to the bug bounty community & let me know if I've missed you off!
go.bsky.app/GD7hKPX
bsky.app/profile/dino... he does bb too :)
26.11.2024 07:20 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0๐
22.11.2024 21:54 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0