Month: June 2023
-
WebSecurityAcademy (PortSwigger) – Testing GraphQL APIs
Walk-through of the Testing GraphQL APIs labs on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Prototype pollution
Walk-through of the Prototype pollution vulnerabilities lab on PortSwigger Web Security Academy. Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects.
-
WebSecurityAcademy (PortSwigger) – Server-side template injection
Walk-through of the Server-side template injection vulnerabilities lab on PortSwigger Web Security Academy. Server-side template injection occurs when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side. Template engines are designed to generate web pages by combining fixed templates with volatile data.…