What is SAML? Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties.
Source: Wikipedia
SAML is often used for single-sign on (“Sign in with Google”, “Sign in with Twitter” etc.).…

New web targets for the discerning hacker

Unpack the source code of React and other Webpacked Javascript apps!

Several months ago I found an issue (now CVE-2020-27348) with Ubuntu’s new package management system, Snapcraft. This bug introduced a classic pattern of ins...

Site isolation security break uncovered

Cross-Site Scripting and the alert() function have gone hand in hand for decades. Want to prove you can execute arbitrary JavaScript? Pop an alert. Want to find an XSS vulnerability the lazy way? Inje

In this video we walk through how a security researcher named Augusto Zanellato was able to discover a GitHub Personal Access Token (PAT) that had read/write access to private Shopify repositories, and earned them a $50,000USD bounty!

You can read the report…

Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease.

This write-up will be about Broken Object Level Authorization (BOLA), which is #1 topic of API Security 101 (OWASP).

I found an internal gem (Ruby library) in use by Basecamp that was not registered on Rubygems (the public Ruby package repository). I registered a gem of my own under the name that would call back...

Detectify Crowdsource is not your average bug bounty platform. It’s an invite-only community of the best ethical hackers who are passionate about securing modern technologies ...

Who is Krishnadev P Melevila?

Burp-suite Collaborator

Hello everyone, this is my first post. I’ve been thinking about writing about my findings for a while, so here we go.

A collection of small XSS payloads

I have found vulnerability which allows attacker to generate steam wallet balance.

Firstly you will have to change yours steam account email to something like (I will explain why in next steps,...