All Stories

How I perform the JSON CSRF with method override technique.

CSRF(Cross-Site Request Forgery) is a kind of web application vulnerability, using this a malevolent can forge the HTTP request without the actual user knowledge. This will result in ...

In WebSecurity, APISecurity, Dec 29, 2023

Why Appropriate Content-Type Header Matters In REST API Security: Ft. JSON XSS.

Before diving into the specifics of the Content-Type header, let’s quickly recap what REST APIs are all about. REST is an architectural style for designing networked applications. It ...

In APISecurity, XSS, cross-site-scripting, REST-API, Dec 28, 2023

How to analyze the SSL/TLS configuration(sslscan).

SSL/TLS Analysis & Attacks

In network, kali-tool, Dec 28, 2023

The Art of Identifying X$$ & WAF Bypass Fuzzing Technique.

A smart way to hunt Cross-Site Scripting vulnerability

In WebSecurity, cross-site-scripting, Sep 30, 2023

Learn and Earn with the Most Common Unsecured Methods of OTP Bypass Techniques.

Discover the ultimate guide for bug bounty hunters to detect sneaky OTP validation vulnerabilities!

In WebSecurity, APISecurity, Jul 11, 2023

The Importance of Checking User-Agent Header Dependency in Penetration Testing.

Never ever give a chance to leave a bug to automated scanners.Introduction:

In WebSecurity, APISecurity, Jun 02, 2023

How to secure-docker-instance-with-basic-Authentication

Nginx reverse proxy with Basic Authentication

In secureinfrastructure, Jul 01, 2022

Never leave this tip while you are hunting Broken Access Control.

A special Bug-Bounty tip for Bug hunters and Pen-testers

In WebSecurity, APISecurity, Nov 12, 2021


A better way to take control of your online privacy

In secureinfrastructure, Jul 11, 2021


Android application dynamic analysis lab setup on windows

In AndroidSecurity, MobileAppPT, Jul 03, 2021