-
Authorization and Code Execution
Throughout my exploration of various authorization and code execution vulnerabilities, I learned some critical lessons about common weaknesses that are often overlooked in both development and security processes. Here’s a breakdown of the key findings from my studies: Authorization – 2. I came across something sneaky while exploring IDOR vulnerabilities. I found that simply incrementing an…
-
Authentication and Authorization – Part 1
Today, we’ll dive into the basics of authentication and authorization, specifically focusing on common vulnerabilities and how they can be exploited. These types of bugs often form the foundation of real-world attacks, so getting familiar with them is key. Below is a walkthrough of a few beginner-friendly exercises that help build your intuition around these…
-
Reshaping my journey
For the past few years, while I worked as a software engineer, I’ve fallen into frustration and haven’t been as productive as I wished. While I was learning programming in my initial days, it was different; I was pumped and fueled most of the time. Initially, I thought it…
-
Hacking APIs for profit – Reddit bug bounty
Note: All the testing performed on the company mentioned here was done legally and with the consent of the company. All the information here was only shared once the bug was officially disclosed. There is a lot of discussion about security in Web 2.0, particularly concerning classic security flaws like XSS, SSRF,…
-
How to manage multiple SSH keys for different GitHub/GitLab accounts?
Throughout our journey as software engineers, many of us have encountered the challenge of managing multiple GitHub accounts. This situation often arises when we have either multiple GitHub accounts within the same company or a combination of personal and company accounts. It becomes crucial to effectively handle our SSH keys to prevent permission conflicts, as…