omg.wtf.bbq.

because arshan’s too cheap to license OneNote

Browsing Posts tagged blackhat

Javasnoop 1.0 final released with new features, bug fixes, performance enhancements, and more.

Using “Content-disposition: attachment” when streaming user-uploaded files is unfortunately incomplete protection against all cross-origin issues. Most savvy testers know that without it, a user could send a victim a link directly to a malicious uploaded file or <iframe> it in from their evil site, causing XSS & SSRF. When this header is sent down in […]

I am submitting a paper for Blackhat USA and the OWASP Belgium and NYC conferences. These are exciting times. Blackhat is always cool, Belgium is far away, and I know Tom Brennan will put on a great show in NYC. The title of the paper, which I’m not glued to yet, is “Building And Mitigating […]