all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
All InfoSec / Cybersecurity News

Source: portswigger.net / PortSwigger Research

https://portswigger.net/research
Follow source RSS
Smashing the state machine: the true potential of web race conditions 1 month, 2 weeks ago | portswigger.net
attacks conditions machine missing +10
Exploiting XSS in hidden inputs and meta tags 2 months, 2 weeks ago | portswigger.net
chrome exploit exploiting hidden +6
How I choose a security research topic 3 months, 1 week ago | portswigger.net
personal question research security +2
Bypassing CSP via DOM clobbering 3 months, 2 weeks ago | portswigger.net
bypass bypassing csp dom +4
Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO 4 months, 4 weeks ago | portswigger.net
analytics audit bypass csp +5
The curl quirk that exposed Burp Suite & Google Chrome 5 months, 4 weeks ago | portswigger.net
amp back burp burp suite +11
Exploiting prototype pollution in Node without the filesystem 6 months ago | portswigger.net
box exploitation exploiting filesystem +5
Server-side prototype pollution: Black-box detection without the DoS 7 months, 1 week ago | portswigger.net
box burp detect detection +7
Top 10 web hacking techniques of 2022 7 months, 2 weeks ago | portswigger.net
community hacking identify important +8
Top 10 web hacking techniques of 2022 - nominations open 8 months, 3 weeks ago | portswigger.net
community findings hacking latest +10
Hijacking service workers via DOM Clobbering 9 months, 3 weeks ago | portswigger.net
dom hijacking service workers
Stealing passwords from infosec Mastodon - without bypassing CSP 10 months, 1 week ago | portswigger.net
bypassing csp infosec mastodon +2
Detecting web message misconfigurations for cross-domain credential theft 10 months, 2 weeks ago | portswigger.net
credential credential theft domain message +3
Safari is hot-linking images to semi-random websites 10 months, 3 weeks ago | portswigger.net
images random safari websites
HTTP/3 connection contamination: an upcoming threat? 11 months ago | portswigger.net
http threat upcoming
Our favourite community contributions to the XSS cheat sheet 11 months, 3 weeks ago | portswigger.net
cheat community xss
Making HTTP header injection critical via response queue poisoning 1 year ago | portswigger.net
critical header http injection +3
The seventh way to call a JavaScript function without parentheses 1 year ago | portswigger.net
call javascript
How to turn security research into profit: a CL.0 case study 1 year ago | portswigger.net
case profit research security +3
Using Hackability to uncover a Chrome infoleak 1 year ago | portswigger.net
chrome uncover
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling 1 year, 1 month ago | portswigger.net
attacks browser frontier http +4
Framing without iframes 1 year, 1 month ago | portswigger.net
Bypassing Firefox's HTML Sanitizer API 1 year, 2 months ago | portswigger.net
api bypassing firefox html +1
Widespread prototype pollution gadgets 1 year, 3 months ago | portswigger.net
gadgets
Bypassing CSP with dangling iframes 1 year, 3 months ago | portswigger.net
bypassing csp
Hunting evasive vulnerabilities 1 year, 4 months ago | portswigger.net
hunting vulnerabilities
New XSS vectors 1 year, 5 months ago | portswigger.net
xss
Top 10 web hacking techniques of 2021 1 year, 7 months ago | portswigger.net
hacking techniques top 10 web +1
Top 10 web hacking techniques of 2021 - nominations open 1 year, 8 months ago | portswigger.net
hacking techniques top 10 web +1
uBlock, I exfiltrate: exploiting ad blockers with CSS 1 year, 9 months ago | portswigger.net
ad blockers css exploiting ublock
Creating a 3D world in pure CSS 1 year, 11 months ago | portswigger.net
css world
Hunting nonce-based CSP bypasses with dynamic analysis 2 years ago | portswigger.net
analysis csp dynamic dynamic analysis +2
HTTP/2: The Sequel is Always Worse 2 years, 1 month ago | portswigger.net
http
alert() is dead, long live print() 2 years, 2 months ago | portswigger.net
alert dead live print
Finding DOM Polyglot XSS in PayPal the Easy Way 2 years, 2 months ago | portswigger.net
dom paypal polyglot xss
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) 2 years, 2 months ago | portswigger.net
auth cve cve-2021-35464 forgerock +2
nOtWASP bottom 10: vulnerabilities that make you cry 2 years, 5 months ago | portswigger.net
vulnerabilities
Hidden OAuth attack vectors 2 years, 6 months ago | portswigger.net
attack attack vectors hidden oauth
Top 10 web hacking techniques of 2020 2 years, 7 months ago | portswigger.net
hacking techniques top 10 web +1
Top 10 web hacking techniques of 2020 - nominations open 2 years, 8 months ago | portswigger.net
hacking techniques top 10 web +1

Nothing found.

Items published with this topic over the last 90 days.

Latest

Smashing the state machine: the true potential of web race conditions 1 month, 2 weeks ago | portswigger.net
attacks conditions machine missing +10
Exploiting XSS in hidden inputs and meta tags 2 months, 2 weeks ago | portswigger.net
chrome exploit exploiting hidden +6
How I choose a security research topic 3 months, 1 week ago | portswigger.net
personal question research security +2
Bypassing CSP via DOM clobbering 3 months, 2 weeks ago | portswigger.net
bypass bypassing csp dom +4
Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO 4 months, 4 weeks ago | portswigger.net
analytics audit bypass csp +5
The curl quirk that exposed Burp Suite & Google Chrome 5 months, 4 weeks ago | portswigger.net
amp back burp burp suite +11
Exploiting prototype pollution in Node without the filesystem 6 months ago | portswigger.net
box exploitation exploiting filesystem +5
Server-side prototype pollution: Black-box detection without the DoS 7 months, 1 week ago | portswigger.net
box burp detect detection +7
Top 10 web hacking techniques of 2022 7 months, 2 weeks ago | portswigger.net
community hacking identify important +8
Top 10 web hacking techniques of 2022 - nominations open 8 months, 3 weeks ago | portswigger.net
community findings hacking latest +10
Hijacking service workers via DOM Clobbering 9 months, 3 weeks ago | portswigger.net
dom hijacking service workers
Stealing passwords from infosec Mastodon - without bypassing CSP 10 months, 1 week ago | portswigger.net
bypassing csp infosec mastodon +2
Detecting web message misconfigurations for cross-domain credential theft 10 months, 2 weeks ago | portswigger.net
credential credential theft domain message +3
Safari is hot-linking images to semi-random websites 10 months, 3 weeks ago | portswigger.net
images random safari websites
HTTP/3 connection contamination: an upcoming threat? 11 months ago | portswigger.net
http threat upcoming
Our favourite community contributions to the XSS cheat sheet 11 months, 3 weeks ago | portswigger.net
cheat community xss
Making HTTP header injection critical via response queue poisoning 1 year ago | portswigger.net
critical header http injection +3
The seventh way to call a JavaScript function without parentheses 1 year ago | portswigger.net
call javascript
How to turn security research into profit: a CL.0 case study 1 year ago | portswigger.net
case profit research security +3
Using Hackability to uncover a Chrome infoleak 1 year ago | portswigger.net
chrome uncover
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling 1 year, 1 month ago | portswigger.net
attacks browser frontier http +4
Framing without iframes 1 year, 1 month ago | portswigger.net
Bypassing Firefox's HTML Sanitizer API 1 year, 2 months ago | portswigger.net
api bypassing firefox html +1
Widespread prototype pollution gadgets 1 year, 3 months ago | portswigger.net
gadgets
Bypassing CSP with dangling iframes 1 year, 3 months ago | portswigger.net
bypassing csp
Hunting evasive vulnerabilities 1 year, 4 months ago | portswigger.net
hunting vulnerabilities
New XSS vectors 1 year, 5 months ago | portswigger.net
xss
Top 10 web hacking techniques of 2021 1 year, 7 months ago | portswigger.net
hacking techniques top 10 web +1
Top 10 web hacking techniques of 2021 - nominations open 1 year, 8 months ago | portswigger.net
hacking techniques top 10 web +1
uBlock, I exfiltrate: exploiting ad blockers with CSS 1 year, 9 months ago | portswigger.net
ad blockers css exploiting ublock
Creating a 3D world in pure CSS 1 year, 11 months ago | portswigger.net
css world
Hunting nonce-based CSP bypasses with dynamic analysis 2 years ago | portswigger.net
analysis csp dynamic dynamic analysis +2
HTTP/2: The Sequel is Always Worse 2 years, 1 month ago | portswigger.net
http
alert() is dead, long live print() 2 years, 2 months ago | portswigger.net
alert dead live print
Finding DOM Polyglot XSS in PayPal the Easy Way 2 years, 2 months ago | portswigger.net
dom paypal polyglot xss
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) 2 years, 2 months ago | portswigger.net
auth cve cve-2021-35464 forgerock +2
nOtWASP bottom 10: vulnerabilities that make you cry 2 years, 5 months ago | portswigger.net
vulnerabilities
Hidden OAuth attack vectors 2 years, 6 months ago | portswigger.net
attack attack vectors hidden oauth
Top 10 web hacking techniques of 2020 2 years, 7 months ago | portswigger.net
hacking techniques top 10 web +1
Top 10 web hacking techniques of 2020 - nominations open 2 years, 8 months ago | portswigger.net
hacking techniques top 10 web +1

Top (last 7 days)

Nothing found.

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Business Information Security Officer

@ Metrolink | Los Angeles, CA
View on infosec-jobs.com

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City
View on infosec-jobs.com

Security Engineer

@ ChartMogul | Remote, EU
View on infosec-jobs.com

Cyber Hunt Subject Matter Expert (SME) - Hybrid

@ XOR Security | Alexandria, VA
View on infosec-jobs.com

Software Compliance, Safety and Security Manager (w/m/d)

@ Bosch Group | Stuttgart, Germany
View on infosec-jobs.com

Chef de projet - Service PKI

@ Alter Solutions | Paris, France
View on infosec-jobs.com
View more jobs