Hacker News
- Targeting HTTP's Hidden Attack-Surface http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html?m=1 13 comments
- Bypassing CSP using polyglot JPEGs http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html 15 comments
- Executing non-alphanumeric JavaScript without parentheses http://blog.portswigger.net/2016/07/executing-non-alphanumeric-javascript.html 19 comments
- Web Storage: the lesser evil for session tokens http://blog.portswigger.net/2016/05/web-storage-lesser-evil-for-session.html 69 comments
- Web App Hacker's Handbook 2nd Edition - Preview http://blog.portswigger.net/2011/05/web-app-hackers-handbook-2nd-edition.html 14 comments
- When Security Features Collide http://blog.portswigger.net/2017/10/when-security-features-collide.html 4 comments netsec
- Adapting Burp Extensions for Tailored Pentesting http://blog.portswigger.net/2017/08/adapting-burp-extensions-for-tailored.html 12 comments netsec
- How I Accidentally Framed Myself for a Hacking Frenzy http://blog.portswigger.net/2017/08/how-i-accidentally-framed-myself-for.html 27 comments netsec
- Cracking the Lens: Targeting HTTP's Hidden Attack-Surface http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html 20 comments netsec
- Bypassing CSP using polyglot JPEGs http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html 19 comments netsec
- JSON hijacking for the modern web http://blog.portswigger.net/2016/11/json-hijacking-for-modern-web.html 4 comments netsec
- Backslash Powered Scanning: Hunting Unknown Vulnerability Classes http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html 28 comments netsec
- Exploiting CORS Misconfigurations for Bitcoins and Bounties http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html 6 comments netsec
- Executing non-alphanumeric JavaScript without parenthesis http://blog.portswigger.net/2016/07/executing-non-alphanumeric-javascript.html 13 comments netsec
- Web Storage: the lesser evil for session tokens? http://blog.portswigger.net/2016/05/web-storage-lesser-evil-for-session.html 13 comments netsec
- Adapting AngularJS Payloads to Exploit Real World Applications http://blog.portswigger.net/2016/04/adapting-angularjs-payloads-to-exploit.html 6 comments netsec
- Edge XSS filter bypass http://blog.portswigger.net/2016/04/edge-xss-filter-bypass.html 9 comments netsec
- XSS without HTML: Client-Side Template Injection with AngularJS http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html 10 comments netsec
- Abusing Chrome's XSS auditor to steal tokens http://blog.portswigger.net/2015/08/abusing-chromes-xss-auditor-to-steal.html 3 comments netsec
- Noscript XSS filter bypass http://blog.portswigger.net/2015/07/noscript-xss-filter-bypass.html 3 comments netsec
- PortSwigger Introduces Burp Collaborator - Out of Band Detection for Burp Scanner http://blog.portswigger.net/2015/04/introducing-burp-collaborator.html 13 comments netsec
- Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities http://blog.portswigger.net/2015/02/prssi.html 8 comments netsec
- Burp gets a makeover http://blog.portswigger.net/2012/06/burp-gets-makeover.html 6 comments netsec
- Breaking encrypted data using Burp http://blog.portswigger.net/2011/10/breaking-encrypted-data-using-burp.html 4 comments netsec