Marcin SzydlowskiinInfoSec Write-upsInsecure comparison in PHP — Business Logic Bypass vulnerabilityI have recently spotted an interesting vulnerability in a PHP application, which was in scope of a private bug bounty program. This…Mar 11, 20221Mar 11, 20221
Marcin SzydlowskiinInfoSec Write-upsWhy am I rooting for a new category in OWASP TOP 10 2021 — Insecure Build/Deployment environment?Earlier this year OWASP announced a planned release of brand-new OWASP TOP10 2021.Mar 28, 2021Mar 28, 2021
Marcin SzydlowskiinInfoSec Write-upsAWAE/OSWE review from a non-developer perspectiveEarlier this year I had participated in Advanced Web Application Exploitation course by Offensive Security and after 60 days of lab I…Nov 24, 2020Nov 24, 2020
Marcin SzydlowskiinInfoSec Write-upsBypassing AWS WAF CRS with Cross-Site-Scripting (XSS) payloadEarlier this year my colleague has identified an application which was clearly vulnerable to Cross-Site-Scripting as special characters…Jul 14, 20201Jul 14, 20201
Marcin SzydlowskiinInfoSec Write-upsVulnerable design leads to personal data leakage- yet another case of an inter-application…ForewordMar 9, 20201Mar 9, 20201
Marcin SzydlowskiinInfoSec Write-upsInter-application vulnerabilities and HTTP header issues.In 2018 I managed to report 27 unique vulnerabilities in web apps of well-known companies. I’m sharing my thoughts on the reported…Jan 3, 20192Jan 3, 20192
