Marcin Szydlowski in InfoSec Write-ups: "Insecure comparison in PHP — Business Logic Bypass vulnerability". I have recently spotted an interesting vulnerability in a PHP application, which was in scope of a private bug bounty program. This… (2 min read, Mar 11, 2022)

Marcin Szydlowski in InfoSec Write-ups: "Why am I rooting for a new category in OWASP TOP 10 2021 — Insecure Build/Deployment environment?". Earlier this year OWASP announced a planned release of brand-new OWASP TOP 10 2021. (4 min read, Mar 28, 2021)

Marcin Szydlowski in InfoSec Write-ups: "AWAE/OSWE review from a non-developer perspective". Earlier this year I had participated in the Advanced Web Application Exploitation course by Offensive Security and after 60 days of lab I… (8 min read, Nov 24, 2020)

Marcin Szydlowski in InfoSec Write-ups: "Bypassing AWS WAF CRS with Cross-Site-Scripting (XSS) payload". Earlier this year my colleague identified an application which was clearly vulnerable to Cross-Site-Scripting as special characters… (3 min read, Jul 14, 2020)

Marcin Szydlowski in InfoSec Write-ups: "Vulnerable design leads to personal data leakage - yet another case of an inter-application…". Foreword (3 min read, Mar 9, 2020)

Marcin Szydlowski in InfoSec Write-ups: "Inter-application vulnerabilities and HTTP header issues." In 2018 I managed to report 27 unique vulnerabilities in web apps of well-known companies. I'm sharing my thoughts on the reported… (7 min read, Jan 3, 2019)