apoorv munshi
‘nosniff’ and the rabbit hole of MIME sniffing in browsers
One frequent finding in web application security assessments is that the application has not deployed the X-Content-Type-Options (XCTO)…
Jun 18, 2018

apoorv munshi
Let’s talk CSRF again.
This article mainly covers some nitty-gritty about Cross-Site Request Forgery (CSRF) attack in context of the fundamental browser security…
Oct 22, 2017

apoorv munshi
How HTTP proxies read TLS encrypted traffic from browsers?
In section 1 of this article, I have provided an overview of why HTTP proxies such as Burp Suite or OWASP ZAP are able to show us TLS…
Oct 19, 2017