Blog
GitHub Actions and the threat of malicious pull requests
Shaking secrets out of CircleCI builds - insecure configuration and the threat of malicious pull requests
Cache poisoning DoS in CloudFoundry gorouter (CVE-2020-5401)
Exploiting email address parsing with AWS SES
Abusing HTTP hop-by-hop request headers
WordPress Visualizer plugin XSS and SSRF
HAProxy HTTP request smuggling (CVE-2019-18277)
CORS'ing a Denial of Service via cache poisoning
NBA 2K19 and the case of the curious t2.corp request
Be careful with authenticated CORS and secrets like CSRF tokens