WebSpec.pdf
950.7 KB
#WebApp_Security
"WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms", 2022.
]-> Tool: https://github.com/secpriv/webspec
"WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms", 2022.
]-> Tool: https://github.com/secpriv/webspec
#WebApp_Security
1. Analyzing ClipboardEvent Listeners for Stored XSS
https://spaceraccoon.dev/analyzing-clipboardevent-listeners-stored-xss
2. Firebase: Insecure by Default
https://saligrama.io/blog/post/firebase-insecure-by-default
spaceraccoon.dev
I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
When are copy-paste payloads not self-XSS? When it's stored XSS. Recently, I reviewed Zoom's code to uncover an interesting attack vector.
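The pattern behind the "ClipboardEvent listeners for stored XSS" post, as an added illustration that is not code from the post or from Zoom: a paste listener that trusts the clipboard's text/html flavour, persists the result, and re-renders it for other users, beside a hardened variant that only consumes text/plain and escapes it. The event object, the attacker clipboard contents, the in-memory note store and the containsActiveMarkup() check are all constructed for this example; only DataTransfer.getData() mirrors the real browser API.

```javascript
// Minimal stand-in for the ClipboardEvent a browser dispatches on 'paste'.
// Constructed for the example: it only mimics clipboardData.getData().
function makePasteEvent(flavours) {
  return {
    clipboardData: { getData: (type) => flavours[type] ?? "" },
    preventDefault() {},
  };
}

// Constructed attacker clipboard: the rich flavour carries markup while the
// plain-text flavour looks harmless, so a user copying "meeting notes" from
// a crafted page sees nothing suspicious.
const ATTACKER_CLIPBOARD = {
  "text/html": '<b>meeting notes</b><img src=x onerror="alert(document.domain)">',
  "text/plain": "meeting notes",
};

// Vulnerable handler: returns the HTML flavour verbatim. The app would assign
// this to innerHTML and save it, so the payload fires for every client that
// later renders the same record (stored, not self, XSS).
function onPasteVulnerable(event) {
  const html = event.clipboardData.getData("text/html");
  return html || event.clipboardData.getData("text/plain");
}

// HTML-escape the five characters that matter inside element content and
// attribute values.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Hardened handler: cancel the default rich paste, take only text/plain, and
// escape it so the stored value is inert even if a renderer uses innerHTML.
function onPasteHardened(event) {
  event.preventDefault();
  const text = event.clipboardData.getData("text/plain");
  return escapeHtml(text);
}

// Simulated shared persistence layer (hypothetical; what would be a server
// round-trip in a real app).
const noteStore = new Map();
function saveNote(id, body) { noteStore.set(id, body); }
function renderNote(id) { return noteStore.get(id) ?? ""; }

// Crude review-time check: does a stored value still contain a tag or an
// event-handler attribute that a browser would execute?
function containsActiveMarkup(s) {
  return /<\s*(script|img|svg|iframe)\b|\bon\w+\s*=/i.test(s);
}

// Paste the same clipboard through both handlers and inspect what got stored.
function demo() {
  saveNote("vuln", onPasteVulnerable(makePasteEvent(ATTACKER_CLIPBOARD)));
  saveNote("safe", onPasteHardened(makePasteEvent(ATTACKER_CLIPBOARD)));
  return {
    vulnerable: containsActiveMarkup(renderNote("vuln")),
    hardened: containsActiveMarkup(renderNote("safe")),
  };
}
```

In a real page the hardened listener would write the plain-text value with textContent or insertText rather than building a string for innerHTML; returning the escaped string here just makes the difference between the two handlers checkable. The review step the post's title describes is the search for listeners that read text/html (or any non-plain flavour) and hand it to a sink that is later rendered for other users.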
#WebApp_Security
1. Backdoor .NET applications via startup hooks
https://rastamouse.me/net-startup-hooks
2. teler-waf - Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks and improve the security of web applications
https://github.com/kitabisa/teler-waf
GitHub - teler-sh/teler-waf: teler-waf is a Go HTTP middleware that provides teler IDS functionality.
automated_threat_handbook_v1-2.pdf
1.6 MB
#Whitepaper
#Threat_Research
#WebApp_Security
"OWASP Automated Threats Handbook: Web Applications, Version 1.2".
#WebApp_Security
1. Hacking Salesforce-backed WebApps
https://www.hypn.za.net/blog/2022/11/12/Hacking-Salesforce-backed-WebApps
2. GUID: Attacking Password Reset Functionality
https://www.intruder.io/research/in-guid-we-trust
3. Prototype bugs explained
https://www.jerkeby.se/newsletter/posts/prototype-poisoning