[Pinned] Application Security #1: What is server-side input validation? Why is it needed anyway?
tl;dr: Don't rely on client-side input validation. Data sent from the client can be manipulated in many ways, defeating any validation…
Jul 14, 2017
Extract Parameter Values from Burp Suite History
tl;dr: Use a combination of the regex [&?]param-name=([^&]+) and the Sensitive Discover extension from the BApp Store.
1d ago
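The regex above is meant for Burp's history search box. When the same idea is scripted against a saved history (Burp's "Save items" XML export, where each request is base64-encoded), two refinements matter: `[^&]+` runs past the query string into ` HTTP/1.1` on the request line, so whitespace has to be excluded as well, and the first parameter of a form-encoded POST body is preceded by neither `&` nor `?`, so a line-start alternative is needed. The following is an added example, not code from the original post; the XML, the hostnames and the parameter values are constructed samples in the shape of a Burp export, and `burpVersion` is only an attribute value, not something the script depends on.

```python
import base64
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote_plus


def build_param_regex(names):
    """Generalise the post's [&?]param-name=([^&]+) to several names.

    - (?:^|[&?]) also matches a parameter at the start of a body line
    - [^&\\s]+ stops the value at whitespace, so "value HTTP/1.1" is not captured
    - re.escape keeps names containing regex metacharacters literal
    """
    alternation = "|".join(re.escape(n) for n in names)
    return re.compile(r"(?:^|[&?])(" + alternation + r")=([^&\s]+)", re.MULTILINE)


def extract_param_values(raw_request, names):
    """Return {param: {values}} for every hit in the raw request text.

    Covers the query string and application/x-www-form-urlencoded bodies.
    Cookie headers and JSON bodies need a different pattern.
    """
    found = {}
    for m in build_param_regex(names).finditer(raw_request):
        found.setdefault(m.group(1), set()).add(unquote_plus(m.group(2)))
    return found


def extract_from_burp_xml(xml_text, names):
    """Walk a Burp 'Save items' export and aggregate hits keyed by URL."""
    results = {}
    for item in ET.fromstring(xml_text).iter("item"):
        req = item.find("request")
        if req is None or req.text is None:
            continue
        raw = req.text
        if req.get("base64") == "true":
            raw = base64.b64decode(raw).decode("utf-8", errors="replace")
        hits = extract_param_values(raw, names)
        if hits:
            results[item.findtext("url")] = hits
    return results


# ---- constructed sample export (not a real capture) ----
def _b64(s):
    return base64.b64encode(s.encode()).decode()


REQ_GET = ("GET /api/profile?user=alice&token=abc123&page=2 HTTP/1.1\r\n"
           "Host: app.example.test\r\n\r\n")
REQ_POST = ("POST /login HTTP/1.1\r\n"
            "Host: app.example.test\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
            "user=bob%40example.test&token=xyz789&remember=1")

SAMPLE_XML = f"""<items burpVersion="2024.8.5">
  <item>
    <url>https://app.example.test/api/profile?user=alice&amp;token=abc123&amp;page=2</url>
    <request base64="true"><![CDATA[{_b64(REQ_GET)}]]></request>
  </item>
  <item>
    <url>https://app.example.test/login</url>
    <request base64="true"><![CDATA[{_b64(REQ_POST)}]]></request>
  </item>
</items>"""

if __name__ == "__main__":
    for url, hits in extract_from_burp_xml(SAMPLE_XML, ["token", "user"]).items():
        print(url)
        for name, values in sorted(hits.items()):
            print(f"  {name}: {sorted(values)}")
```

Run it against a real export with `extract_from_burp_xml(open("history.xml").read(), ["token", "session"])`; values are URL-decoded and deduplicated per URL, which is usually what you want when hunting for reused or leaked secrets across a history.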
How to Check a Java Keystore (JKS) File for Private Keys
tl;dr: Use keytool to list the contents of the .jks keystore file and look out for the SecretKeyEntry and PrivateKeyEntry entry types for private key…
Nov 5
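The listing itself comes from `keytool -list -keystore app.jks` (add `-storepass` to avoid the prompt; for a plain JKS, keytool still prints the entries if you press Enter at the prompt, with an integrity warning). Two caveats when triaging a keystore found in a repository: a `PrivateKeyEntry` proves a private key is present, but exporting it still needs the key password, which may differ from the store password; and `SecretKeyEntry` (symmetric keys) only appears in JCEKS or PKCS12 stores, since the original JKS format holds only private-key and trusted-certificate entries. The script below is an added example, not code from the original post: it parses keytool's non-verbose output and flags the entries that hold key material, so several keystores can be triaged in one pass. The aliases, dates and fingerprints are a constructed sample in the shape of keytool's output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Per-entry summary line in non-verbose `keytool -list` output, e.g.
#   "server, Nov 5, 2024, PrivateKeyEntry,"
# The date itself contains a comma, so the type is anchored at the line end.
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+), (?P<date>.+?), (?P<type>\w+),\s*$")
FINGERPRINT_RE = re.compile(
    r"^Certificate fingerprint \((?P<alg>[\w-]+)\): (?P<fp>[0-9A-F:]+)$")

# Entry types that mean key material (not just a trusted certificate) is stored.
KEY_MATERIAL_TYPES = {"PrivateKeyEntry", "SecretKeyEntry"}


@dataclass
class KeystoreEntry:
    alias: str
    entry_type: str
    fingerprint: Optional[str] = None  # only certificate-bearing entries have one

    @property
    def holds_key_material(self) -> bool:
        return self.entry_type in KEY_MATERIAL_TYPES


def parse_keytool_list(output: str) -> List[KeystoreEntry]:
    """Parse `keytool -list` (non-verbose) output into entries."""
    entries: List[KeystoreEntry] = []
    for line in output.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(KeystoreEntry(m["alias"], m["type"]))
            continue
        m = FINGERPRINT_RE.match(line)
        if m and entries:
            # fingerprint lines follow the entry they belong to
            entries[-1].fingerprint = m["fp"]
    return entries


def sensitive_entries(output: str) -> List[KeystoreEntry]:
    """Entries worth reporting: private or secret keys, not trust anchors."""
    return [e for e in parse_keytool_list(output) if e.holds_key_material]


# ---- constructed sample (JCEKS, so a SecretKeyEntry can appear) ----
SAMPLE_KEYTOOL_OUTPUT = """\
Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 3 entries

server, Nov 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 3A:1F:5C:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC
hmac-signing, Nov 5, 2024, SecretKeyEntry,
rootca, Nov 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 9C:0D:1E:2F:30:41:52:63:74:85:96:A7:B8:C9:DA:EB:FC:0D:1E:2F:30:41:52:63:74:85:96:A7:B8:C9:DA:EB
"""

if __name__ == "__main__":
    # Typical use: keytool -list -keystore app.jks -storepass changeit | python this_script.py
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_KEYTOOL_OUTPUT
    for e in sensitive_entries(text):
        print(f"{e.entry_type:16} {e.alias:20} {e.fingerprint or '-'}")
```

Only `PrivateKeyEntry` and `SecretKeyEntry` are reported; a `trustedCertEntry` is a public certificate and is not a finding on its own.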
Best Tutorial on How to Build Python Packages with pyproject.toml Yet
There are many different ways to build and distribute Python packages, and there really are many blog posts and tutorials on how to do it.
Oct 22
Tutorial #7: How To Fix Request Hanging Issue When Proxying Through Burp Suite with Python or…
tl;dr: If you are using a later version of Burp, especially version 2024.8.5, update the Java JDK or JRE runtime environment to avoid the…
Oct 17
Tutorial #6: Fix SSL Error in Python requests when proxying through Burp Suite
tl;dr: Two ways to fix it: either disable TLS certificate verification completely with verify=False (the dirty approach) or use verify=<path to cert> to…
May 4
Application Security #4: What do JWK keypairs look like? Have I found something sensitive?
What do keypairs look like? What do they mean? Where are they found? How are they generated?
Apr 26
Tutorial #5: Prevent Clickjacking Attacks with X-Frame-Options
A video demonstration of how to implement the X-Frame-Options header to prevent clickjacking (UI redressing) attacks.
Apr 20
Tutorial #4: Prevent Clickjacking Attacks with the Content-Security-Policy header
A video demonstration of how to implement the Content-Security-Policy header to prevent clickjacking (UI redressing) attacks.
Apr 19
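The two tutorials above are usually applied together: `Content-Security-Policy: frame-ancestors` is the current mechanism and browsers that support it ignore `X-Frame-Options` when both are present, while `X-Frame-Options` still covers older clients. `X-Frame-Options` can only say `DENY` or `SAMEORIGIN` (`ALLOW-FROM` is obsolete), so an allowlist of framing origins can only be expressed in CSP. The code below is an added example, not code from either tutorial: a WSGI middleware (standard library only) that sets both headers, replaces any `X-Frame-Options` the application emitted, and merges `frame-ancestors` into an existing CSP instead of overwriting the application's other directives. `demo_app`, `call_wsgi` and the partner origin are assumptions made for the example; the demo app deliberately sends the weak `frame-ancestors *` so the correction is visible.

```python
from wsgiref.util import setup_testing_defaults


def _merge_csp(existing, frame_directive):
    """Replace any frame-ancestors directive in an existing CSP, keep the rest."""
    directives = [d.strip() for d in (existing or "").split(";") if d.strip()]
    directives = [d for d in directives if not d.lower().startswith("frame-ancestors")]
    directives.append(frame_directive)
    return "; ".join(directives)


def anti_clickjacking(app, allowed_ancestors=()):
    """WSGI middleware adding X-Frame-Options and CSP frame-ancestors.

    With no allowed ancestors the page may not be framed at all (DENY / 'none').
    With an allowlist, CSP carries 'self' plus the listed origins; X-Frame-Options
    can only fall back to SAMEORIGIN, so legacy browsers without CSP support will
    block the listed partners rather than allow them.
    """
    if allowed_ancestors:
        csp_directive = "frame-ancestors 'self' " + " ".join(allowed_ancestors)
        xfo = "SAMEORIGIN"
    else:
        csp_directive = "frame-ancestors 'none'"
        xfo = "DENY"

    def wrapped(environ, start_response):
        def _start(status, headers, exc_info=None):
            out, existing_csp = [], None
            for name, value in headers:
                lname = name.lower()
                if lname == "x-frame-options":
                    continue  # the middleware's policy wins
                if lname == "content-security-policy":
                    existing_csp = value
                    continue
                out.append((name, value))
            out.append(("X-Frame-Options", xfo))
            out.append(("Content-Security-Policy", _merge_csp(existing_csp, csp_directive)))
            return start_response(status, out, exc_info)
        return app(environ, _start)

    return wrapped


def demo_app(environ, start_response):
    """Hypothetical app that ships an over-permissive frame-ancestors *."""
    start_response("200 OK", [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Security-Policy", "default-src 'self'; frame-ancestors *"),
    ])
    return [b"<html><body>account settings</body></html>"]


def call_wsgi(app, path="/"):
    """Invoke a WSGI app in-process; returns (status, headers dict, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)
        return lambda data: None

    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    # Check with: curl -sI http://127.0.0.1:8000/ | grep -i -e frame -e content-security
    make_server("127.0.0.1", 8000, anti_clickjacking(demo_app)).serve_forever()
```

To verify a deployed site, load it inside an `<iframe>` on a page served from another origin: with these headers the browser refuses to render the frame and logs the blocked frame-ancestors or X-Frame-Options violation in the console.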
Lab: Information disclosure in version control history (Windows, wsl.exe and git) — Video Solution
This was my attempt to solve a lab from PortSwigger's Web Security Academy that involves exploiting information disclosure through version…
Apr 17