Earlier this year I participated in the Advanced Web Application Exploitation course by Offensive Security and, after 60 days of lab, I managed to pass the Offensive Security Web Expert exam. By writing this article I would like to provide some more information about this course and certification for people who are considering taking it in the future. I would especially like to share my experience with people who are not software developers.
I’m a cybersecurity specialist interested in application security and bug bounty hunting. …
Earlier this year my colleague identified an application which was clearly vulnerable to Cross-Site Scripting, as special characters were not encoded.
However, he quickly learned that the application is behind a WAF, as attempts to exploit XSS resulted in an HTTP 403 error message.
After talking to the application owners we learned that the application is in fact behind an AWS WAF with the Core Rule Set enabled.
Taking into account how many web applications use AWS WAF with CRS, bypassing it seemed quite challenging. However, we decided to spend some extra time attempting to do so.
We started with checking what is available on Twitter just to find this post from early…
It has been some time since I published my first article on inter-application vulnerabilities in modern web applications. Recently I identified one of them during bug bounty hunting and I personally think it is too good not to be shared with the broader community.
If you are one of the tl;dr guys, we are speaking here about issues which exist because of cross-system dependencies and integrations of applications. Long story short — separately, two applications are free from vulnerabilities; however, when considering them as one, you have major security concerns within.
If you want to know more on the concept I encourage you to read my article from 2018. …
For the last couple of years I have been participating in various bug bounty programmes. Usually these programmes are run by security-mature companies who put a lot of effort into making sure that their applications are secure. So how is it even possible that they are still vulnerable to well-known issues like XSS or IDOR, which should not exist in 2018 anymore?
This article will share information about common “inter-application” vulnerabilities encountered during the testing process and emphasize the need for appropriate security testing at each stage of the system life cycle.
Unfortunately, I’m not able to share all technical details due to a non-disclosure policy, but hopefully, after reading this article you will be able to reinforce the vulnerability testing process in your company or identify more vulnerabilities in bug bounty programmes. …