Aug 10, 20201 minToday I Learned: Token Hijacking via PDFPDF files are everywhere and they can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which...
Jul 29, 20201 minToday I Learned: Bypassing Content Security Policy (CSP) via ajax.googleapis.comContent Security Policy (CSP) is the number one defensive technology in modern web applications. Many developers...
Jul 22, 20201 minToday I Learned: Exploiting Race ConditionsA race condition attack is one of the most dangerous and underestimated attacks on modern web applications. It’s related to concurrency...