Imagine an exploit where a click on a link quietly changed the victim’s account settings, reset their password or sent a hidden request that they never authorised. These are some of the egregious ...

Behind every SQL query hides an opportunity: a carefully crafted payload can elicit sensitive data long after obvious error messages have been addressed. In this guide, we explain basic and advanc...

Do you use Caido to hunt for vulnerabilities? Would you like to access your favourite Bug Bounty Programs from inside this popular AppSec auditing toolkit? Then check out YesWeCaido, a new plugin ...

Google dorking is a comparatively simple yet invaluable reconnaissance technique for ethical hackers to learn. Suitably customised ‘dorks’ (Google searches that reveal sensitive information about ...

Did you know that manipulating a single HTTP header can unlock high-impact security flaws hidden within a web application? HTTP headers control how browsers and servers interact with data, so thes...

How often have your exploits been blocked by firewalls or neutered by mysterious processes that alter key characters? This is why payload obfuscation is such a game-changing skill for offensive se...

HTTP fingerprinting is an invaluable way to discover the underlying technologies powering a web application. From analysing HTTP headers to performing malformed HTTP requests, these reconnaissance...

Ever wondered whether you ever missed a hidden subdomain that would have unlocked a critical vulnerability and a large bounty reward? In this article, you will discover how cutting-edge subdomain ...

Cross-Site Scripting (XSS) is a super-common vulnerability that infects a victim’s browser with malicious JavaScript code, which is then used to hijack the victim’s data or, in some cases, take ful...

This is a guide to performing white box penetration testing on a JavaScript web application running within a Docker container. In testing a web application vulnerable to prototype pollution, we wil...