Bypassing Anti-CSRF with Burp Suite Session Handling

Using Burp Suite to bypass anti-CSRF protections with the built-in Session Handling and Macro recorder.…

JWT - Reinventing Sessions

JWT advantages and disadvantages with an emphasis on security implementations.…

Burp Suite 2.0 - Quick Review

Burp Suite 2.0 beta is now available to Professional users. This is a major upgrade, with a host of new features, including A new crawler, able to automatically handle sessions, detect changes in application state, crawl with multiple logins, and deal with volatile content.…

RequestBin Setup to Demonstrate Open-Redirect

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input.…

Learning to Pop XSS with Docx Files

Utilizing an unrestricted file upload vulnerability with Microsoft Docx files to exploit web applications with Cross-Site Scripting (XSS).…