In a recent penetration testing project we encountered a situation where, in order to prove exploitability and possible damage, we had to exfiltrate data from
Category: Web security
Practical JSONP Injection
JSONP injection is a lesser-known but quite widespread and dangerous vulnerability, and it has surfaced in recent years due to the high rate of
Clickjacking in Firefox Hello
Clickjacking, the art of tricking users into clicking on links or buttons that no sane person would ever click on. But how much damage can you
Understanding PHP Object Injection
PHP Object Injection is not a very common vulnerability; it may be difficult to exploit, but it may also be really dangerous. In order to