Bug bounty has become a fast-growing industry, with programs launching almost daily and bringing fierce competition among hackers. It’s a sort of monetized race which revolves around being the first one to report a bug: first come, first served. Therefore, it’s essential to step up your game and try to stay ahead of the pack. Learning and expanding your skill set is one way to do it, but improving your testing methodology is also quite important, and polishing your reconnaissance, for instance, is surely going to help a bunch.
The Open Web Application Security Project (OWASP) is a global, nonprofit organization aiming to improve the security of applications and raise awareness of secure coding practices. They create new tools for both individuals and organizations, and build practical, knowledge-based documentation for the security community.
It is no wonder that 2017 was a year full of surprises in the world of cybersecurity. So far in 2018, we’ve seen new threats appear, and relatively older ones evolve. The digital threats confronted by companies large and small are in perpetual flux, and cybercriminals are continually discovering new ways and techniques to step up their game. As a result, it is crucial for organizations to stay one step ahead by keeping an eye on things and sharpening their defenses to stop future threats.
Web browsers are a commonly used software application to access web resources and pages using the Internet. A browser can also be used to access information provided by web servers in private networks or files in file systems.
Recent major cybersecurity breaches have urged organizations to recruit infosec professionals skilled in ethical hacking. Ethical hacking is not a typical job, as it does not require a college diploma. All you need is a good understanding of computers, software and decent hacking skills. Ethical hacking is another term for penetration testing, commonly referred to as pentesting.
The current cybersecurity landscape requires specialized and validated skills to proactively mitigate future security threats. Certifications like the CASP provide credibility when it comes to demonstrating job competencies to employers, and can unlock advanced opportunities in the IT world.
The present article will discuss a particular case of exploiting CORS misconfigurations which I stumbled across during a security audit, so I had to dig and research it in order to finalize a working proof of concept for the client. If you do not have knowledge of this matter, I would advise you to first read my previous article on the subject, which you can find here.
I have lately been shiftless regarding publishing, and my recent articles on Infosec Institute were more descriptive than technical. Thus, I decided to write this blog post about three interesting security vulnerabilities I discovered in three programs: (1) PayPal, while (2) and (3) are private programs on HackerOne that I will not be disclosing. The security flaws will be in the following order:
The International Council of E-Commerce Consultants, also known as EC-Council, is a cyber security technical certification organization supported by its members. EC-Council has headquarters located in Albuquerque, New Mexico, but also operates in over 130 countries globally.
Looking for a job as a penetration tester? If so, this article is for you. Searching for a job is a process which can sometimes be a lengthy one as it involves drawing on skills you have developed over time. You can successfully find a job as a penetration tester, but it will take a reasonable investment of time and energy.
As technologies have advanced over the past few years, more complex cyber attacks have also emerged. Thus, data security has become the need of the hour when it comes to using these latest technologies. Penetration testing is not only an integral part of a security review process for any organization, but also a compliance obligation for standards like PCI-DSS.
The present article covers a security vulnerability I previously discovered in one of Mozilla's web services. The discovery goes back to April 2016, a period in which I was enrolled in a bug bounty challenge with two of my friends. The challenge was quite competitive and each one of us had a pretty productive month. It is a recommended method for my fellow bug hunters in order to stay motivated and boost their productivity.
This article is reserved to disclose the two security vulnerabilities I discovered in Microsoft web services. As you may know, Microsoft has started offering monetary rewards that range from $500 USD up to a maximum of $15,000 USD. So, without any kind of bullshit, making some quick cash was my main motivation this time, especially since I am already listed in their Hall of Fame twice, but that was before they officially launched their bug bounty program.
It has been quite some time since I blogged about anything new, so I hope this blog post is sufficient to make up for my inactivity 🙂 It is also worth mentioning that this vulnerability has earned me quite a few good rewards from bug bounty programs.
The tremendous increase in online transactions and the development of e-commerce in the world has been accompanied by an equal rise in the number and type of attacks against the security of online payment systems, from SQL injection vulnerabilities that target databases to XSS (Cross-Site Scripting) flaws aiming to hijack users’ sensitive information (session cookies, CSRF tokens, etc.). However, this article will focus on another type of issue that I have come across multiple times on different platforms while doing security testing. We will essentially talk about the price manipulation vulnerability that is almost completely unique to online shopping carts and payment gateways.
Title: Python module UrlParse – Improper input validation leads to Open Redirect
Credit: Yassine ABOUKIR
CVE: CVE-2015-2104 (Reserved)
Disclosure Date: 02/24/2015
Vendor: Python Software Foundation (https://www.python.org)
Affected versions: Python 2.7/3.2/3.3/3.4/3.5/3.6
CVSS Score: 4.3 (Medium)
In this write-up I will be talking about a security issue identified in the Redbooth platform, which « is a communication and collaboration platform that provides a single place for shared tasks, discussions, file sharing, and more. » – Read more at: https://www.crunchbase.com/organization/redbooth
I am not really used to writing about vulnerabilities I have discovered, but this time it is worth it since it is a bit exceptional for me, as it is about a security issue found on Facebook.