At Casper, we revived a dead bug bounty program and made security part of the culture along the way.

Hi guys whatsup! This is Udhay an security researcher . Here im presenting my research on unrestricted file upload vulnerablities.

Download HackBar V2 for Firefox. [No License, FOREVER FREE] A HackBar for new firefox (Firefox Quantum). This addon is written in webextension and alternatives to the XUL version of original Hackbar.

You can ask request here: https://github.com/Hack-Free/HackBar

In part two of G Suite vulnerability discussion, I am writing about a simple but quite serious vulnerability in yet another part of G Suite…

Achieving authentication bypass and SQL injection using PHP’s unserialize()

🚨NEW CHALLENGE: Can you find the XSS vulnerability? 🕵️
🎁 Win a Burp Pro license and private invites at
👉https://t.co/ujjUzeuRt2! 👈
#HackWithIntigriti

Broken Access Control is an OWASP‘s Top 10 vulnerability category that covers all access control issues that can make your website vulnerable. In this article, we explain the impact of Broken Access Control and how you can avoid making access control mistakes.

In this section we will explain what clickjacking is, describe common examples of clickjacking attacks and discuss how to protect against these attacks. ...

## Summary:
The `flip` contract allows for the MCD system to auction collateral in exchange for DAI.
A lack of validation in the method `flip.kick` allows an attacker to create an auction with a...

In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informed this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244.…

For open redirects, try using this character: 。The website thinks it's redirecting to a page on the site, but browsers convert it to a '.' thus completing the redirect. Usage: ?url=//google。com Goes to: https://t.co/NeH0AFZR2O URL encoded: %E3%80%82 #bugbounty…

Image Payload Creating/Injecting tools. Contribute to sighook/pixload development by creating an account on GitHub.

Introduction :

While working for browser-based attacks on the URL bar, I learned a way where it was still possible to spoof address bar in safari. None…

Last month I published HTTP Desync Attacks: Request Smuggling Reborn. Since then, there's been a range of new developments. While vendors have been deploying fixes and publishing advisories, I've devi

Tools to play around #JavaScript files + extracting URLs github.com/cablej/FileCha… github.com/003random/getJS github.com/nahamsec/JSPar… github.com/zseano/JS-Scan github.com/Lopseg/Jsdir github.com/jobertabma/rel… github.com/GerbenJavado/L… please add, if…