1156 | How we got read access on Google’s production servers | 2014-04-11
409 | Common Nginx misconfigurations that leave your web server open to attack | 2021-02-25
145 | How I got a $3,500 USD Facebook Bug Bounty | 2012-12-30
100 | The pitfalls of allowing file uploads on your website | 2014-05-20
14 | Common Nginx misconfigurations that leave your web server open to attack (2020) | 2024-05-28
13 | Hostile subdomain takeover using Heroku/GitHub/Desk + more | 2014-10-21
10 | SQL injection in one minute | 2012-09-22
4 | SSL certificates could be leaking company secrets | 2021-11-12
4 | How I got the Bug Bounty for Mega.co.nz XSS | 2013-02-14
3 | Hostile Subdomain Takeover Using Heroku/GitHub/Desk + More | 2014-10-22
3 | Another iOS7 Lock Screen bypass with Control Center turned off | 2013-09-20
3 | How we built a simple arcade game using SVG | 2012-11-03
2 | The lesser known pitfalls of allowing file uploads on your website | 2014-05-20
2 | XSS where you least expect it | 2012-12-02
2 | Ask HN: Do you dare to show your PHP easter egg? | 2012-11-16
2 | How to: Exploit an XSS | 2012-11-07
2 | Universal XSS (UXSS) in Opera | 2012-10-05
2 | The basics of Cross-site Scripting (XSS) | 2012-09-26
2 | Do not dismiss the small vulnerabilities (2018) | 2020-06-16
2 | Security is everyone’s business | 2015-09-21
1 | Is this the ultimate SQL injection payload? | 2013-05-30
1 | How to: Prioritize security patches using CVSSv2 | 2013-01-29
1 | Zerg Rush: How to influence Google | 2012-05-02
1 | Hacker School Reboot – insights from leading API hackers [video] | 2022-12-26
1 | Go 1.12 runtime can cause OOM (Out of memory) error | 2019-09-16
1 | The 7 biggest web security news of 2015 | 2015-12-17

1008 | LastPass autofill exploit | 2016-07-27
343 | Hacking Slack using postMessage and WebSocket-reconnect to steal your token | 2017-03-01
334 | How to Hack APIs in 2021 | 2021-08-10
295 | How I hijacked the top-level domain of a sovereign state | 2021-01-15
240 | I exploited TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain (2018) | 2019-01-28
169 | Popular Google Chrome extensions are constantly tracking you by default | 2015-11-19
32 | How Patreon (probably) got hacked – Publicly exposed Werkzeug Debugger | 2015-10-02
26 | Slack Bot Token Leakage Exposing Business Critical Information | 2016-04-28
19 | Hacking CloudKit: How I accidentally deleted your Apple shortcuts | 2021-09-13
8 | How the celebrity hack could have been done | 2014-09-01
7 | How I disabled your Chrome security extensions | 2015-08-03
6 | Building an XSS Polyglot Through SWF and CSP | 2015-05-28
6 | Stealing files from web servers by exploiting a popular PDF generator | 2015-03-25
5 | Using Google Cloud to Bypass NoScript | 2015-06-30
5 | Hijacking of abandoned subdomains part 2 | 2014-12-08
5 | The story of EV-SSL, AWS and trailing dot domains | 2016-10-06
3 | Complete free quick test for #shellshock + how it works | 2014-09-25
3 | Go hack yourself or someone else will | 2014-04-11
3 | Thinking outside of the password manager box | 2019-02-28
3 | GraphQL abuse: Bypass account level permissions through parameter smuggling | 2018-03-15
3 | A deep dive into AWS S3 access controls – taking full control over your assets | 2017-07-13
2 | Detectify: a vulnerability scanner built with and for modern technologies | 2015-07-08
2 | Detectify – Stay secure – Go hack yourself | 2014-04-13
2 | Reflected XSS browser test! | 2012-09-22
2 | Hacking CloudKit: How I accidentally deleted your Apple Shortcuts | 2024-09-24
2 | Account hijacking using “dirty dancing” in sign-in OAuth-flows | 2022-07-07
2 | Looking for TLS private keys on Docker Hub | 2022-06-17
2 | Types of Web Vulnerabilities That Are Often Missed | 2021-10-05
2 | How to set up Docker for Varnish HTTP/2 request smuggling | 2021-08-27
2 | Middleware, middleware everywhere – and lots of misconfigurations to fix | 2021-02-26
2 | Tackling modern PHP bug classes | 2020-09-17
2 | XSS using a bug in Safari and why blacklists are stupid | 2018-10-19
2 | XSS using quirky implementations of ACME http-01 | 2018-09-08
2 | TrackMania – a Chrome plugin to stalk your friends on Tinder | 2017-10-24
2 | The pitfalls of postMessage | 2016-12-08
2 | What HPKP is but isn't | 2016-07-05
1 | What is a Prototype Pollution vulnerability and how does page-fetch help? | 2021-06-10
1 | CVE-2020-29653: Stealing Froxlor login credentials using dangling markup | 2021-03-10
1 | Scratching the surface of host headers in Safari | 2018-04-09
1 | Using Google Analytics for data extraction | 2018-02-01
1 | Stored XSS-Ing Millions of Sites Through HTML Comment Box | 2017-01-22
1 | CSP flaws: cookie fixation | 2017-01-14
1 | Using Chrome's Web-Custom-data UTI to Inject a Stored XSS in Slack | 2016-09-08
1 | Almost impossible Slack XSS | 2016-09-02
1 | Check if you're affected by the Dell root CA scandal | 2015-11-23