Token Hijacking via PDF
PDF files are everywhere and they can be used to hack your web application. Imagine that the attacker prepares a
Read more
Training
Bypassing CSP via ajax.googleapis.com
Content Security Policy (CSP) is the number one defensive technology in modern web applications. Many developers add ajax.googleapis.com to CSP definitions, because
Read more
Exploiting Race Conditions
A race condition attack is one of the most dangerous and underestimated attacks on modern web applications. It’s related to
Read more
December training
We are back with some training for you in December. Check out these amazing courses!
Read more
44CON and Coronavirus
To avoid unnecessary anxiety, we’ve punctuated this post with emergency puppers. It’s been a wild few years in the UK
Read more