Neatly bypassing CSP

How to trick CSP in letting you run whatever you want

Guide for Implementing Neural Architecture Search with Reinforcement Learning Using TensorFlow

RCE in PHP or how to bypass disable_functions in PHP installations

How to use a single download to remotely steal proprietary files from MacOS

XXE that can Bypass WAF Protection: 4 Ways Hackers Slip Through a Firewall?

Cache poisoning and other dirty tricks

by @bo0om, Wallarm Research

Caching is a great technology practice. It makes life better for everybody — clients get the data faster, servers expend fewer resources and so on. There is even a whole CDN industry that was built to deliver…

How to protect web applications on Google Cloud Platform with WAF?

Exploring de-serialization issues in Ruby projects.

Ruby on Rails is a popular application platform that uses cookies to identify application sessions.

The cookie consists of two parts: cookie-value and signature. Whenever Rails gets a cookie, it verifies that the…

Extending fuzzing with Burp by FAST

I love Burp Suite, like really. It’s the most convenient tool to visualize what’s happening with…