Content discovery is often focused on finding files and folders. However, modern applications not longer conform to this hierarchical approach and specifically applications that use APIs. Kiterunner is a tool that can be used to discover routes and endpoints used in...
When testing web applications, the understanding and use of various encoding schemes is a fundamental skill. In particular, we often see Base64, URL encoding, and HTML encoding used across many applications both as part of the application’s general functionality and...
Application Programming Interfaces (APIs) are at the heart of modern applications, enabling functionality, communication and acting as a bridge between different software components. A common issue that’s found though is Broken Function Level Authorization (BFLA), and...
In the realm of secure authentication, two key elements often come to the fore: ID tokens and access tokens. Though these elements might seem similar, understanding their differences, common pitfalls, and best practices is crucial in ensuring the security of your...
Clickjacking, also known as UI Redressing, is a technique that tricks users into clicking on unintended elements on a website. By using hidden elements, attackers deceive users into performing actions that they did not intend to carry out. How Does Clickjacking...
In 2023, there are more resources to learn new skills and progress than ever. However, this industry is also moving and growing rapidly, and more isn’t necessarily better. The phrase “drinking from a fire hose” comes to mind. Today we’re going to be looking at a path...
