Articles by Ba Yin Min

Application Security #1: What is server side input validation? Why is it needed anyway? (pinned)
TL;DR Don't rely on client-side input validation. The data sent from the client side can be manipulated in many ways, defeating any validation…
5 min read, Jul 14, 2017

Tutorial #6: Fix SSL Error in Python requests when proxying through Burp Suite
TL;DR Two ways to fix: either disable SSL checking completely with verify=False (the dirty approach) or use verify=<path to cert> to…
4 min read, May 4, 2024

Application Security #4: What do jwk keypairs look like? Have I found something sensitive?
What do keypairs look like? What do they mean? Where can they be found? How are they generated?
3 min read, Apr 26, 2024

Tutorial #5: Prevent Clickjacking Attack with X-Frame-Options
A video demonstration of how to implement the X-Frame-Options header to prevent Clickjacking (UI Redressing) attacks.
1 min read, Apr 20, 2024

Tutorial #4: Prevent Clickjacking Attack with Content-Security-Policy header
A video demonstration of how to implement the Content-Security-Policy header to prevent Clickjacking (UI Redressing) attacks.
1 min read, Apr 19, 2024

Lab: Information disclosure in version control history (Windows, wsl.exe and git) — Video Solution
This was my attempt to solve a lab from Web Security Academy by PortSwigger that involves exploiting the information disclosure of version…
1 min read, Apr 17, 2024

Teradata SQLi Cheatsheet
TL;DR This is a SQL Injection cheat sheet for the Teradata database. This is still an initial version and not comprehensive enough yet.
1 min read, Apr 9, 2024

Tutorial #3: How to add a custom static header into the HTTP Request in Burp Suite
Sometimes you may need to add an application-specific extra header to the HTTP request during an application pentest.
1 min read, Jan 27, 2024

Application Security #3: How to find SSL Issues for your assets
One of the usual findings in a pentest report is SSL/TLS issues. I am sure most developers will be familiar with…
3 min read, Mar 27, 2022

Tutorial #2: How to view the raw HTTP traffic, parameter and data via proxy for mobile applications…
Another basic proxy setup tutorial for viewing the HTTP or HTTPS traffic that mobile applications exchange on your iOS simulator. This…
4 min read, Sep 12, 2021