Marcin Szydlowski – Medium

Marcin Szydlowski

Marcin Szydlowski
in
InfoSec Write-ups

Insecure comparison in PHP — Business Logic Bypass vulnerability

I have recently spotted an interesting vulnerability in a PHP application, which was in scope of a private bug bounty program. This…

2 min readMar 11, 2022

--

1

Insecure comparison in PHP — Business Logic Bypass vulnerability

--

1

Marcin Szydlowski
in
InfoSec Write-ups

Why am I rooting for a new category in OWASP TOP 10 2021 — Insecure Build/Deployment environment?

Earlier this year OWASP announced a planned release of brand-new OWASP TOP10 2021.

4 min readMar 28, 2021

--

Why am I rooting for a new category in OWASP TOP 10 2021 — Insecure Build/Deployment environment?

--

Marcin Szydlowski
in
InfoSec Write-ups

AWAE/OSWE review from a non-developer perspective

Earlier this year I had participated in Advanced Web Application Exploitation course by Offensive Security and after 60 days of lab I…

8 min readNov 24, 2020

--

AWAE/OSWE review from a non-developer perspective

--

Marcin Szydlowski
in
InfoSec Write-ups

Bypassing AWS WAF CRS with Cross-Site-Scripting (XSS) payload

Earlier this year my colleague has identified an application which was clearly vulnerable to Cross-Site-Scripting as special characters…

3 min readJul 14, 2020

--

1

Bypassing AWS WAF CRS with Cross-Site-Scripting (XSS) payload

--

1

Marcin Szydlowski
in
InfoSec Write-ups

Vulnerable design leads to personal data leakage- yet another case of an inter-application…

Foreword

3 min readMar 9, 2020

--

1

Vulnerable design leads to personal data leakage- yet another case of an inter-application…

--

1

Marcin Szydlowski
in
InfoSec Write-ups

Inter-application vulnerabilities and HTTP header issues.

In 2018 I managed to report 27 unique vulnerabilities in web apps of well-known companies. I’m sharing my thoughts on the reported…

7 min readJan 3, 2019

--

2

Inter-application vulnerabilities and HTTP header issues.

--

2

Marcin Szydlowski

Marcin Szydlowski

Cyber security professional. Head of AppSec. Synack Red Team member. Bug Bounty and CTF fan. @securityksl Opinions are my own.

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams