Bypassing Quotes Filters: String.fromCharCode() to the Rescue
XSS Series - Part 6 2 min read
Learn how String.fromCharCode() can bypass filters that remove quotes, and why filtering specific characters isn't enough for XSS protection
Bypassing Parentheses Filters: Template Literals to the Rescue
XSS Series - Part 5 3 min read
Learn how JavaScript template literals can bypass filters that remove parentheses, and why filtering specific characters isn't enough for XSS protection
Bypassing Filters with JSFuck: When Character Restrictions Aren't Enough
XSS Series - Part 4 6 min read
Learn how JSFuck can bypass filters that remove alphanumeric characters, and why simple character filtering is insufficient for XSS protection
Persistent XSS Through APIs: A Practical Analysis
XSS Series - Part 3 9 min read
Exploring how persistent XSS vulnerabilities can be exploited through API endpoints and how to prevent them
Learning XSS Through Practice: Baby Challenge Walkthrough
XSS Series - Part 2 8 min read
A beginner-friendly walkthrough of three XSS challenges that teach you exactly what Cross-Site Scripting is and how it works through hands-on practice
Understanding XSS: Cross-Site Scripting Basics
XSS Series - Part 1 19 min read
A comprehensive introduction to Cross-Site Scripting (XSS) attacks, covering types, techniques, and defense strategies
Route Discovery in SPAs: Security Testing with Headless Browsers
7 min read
Building a custom tool for discovering hidden routes in Single Page Applications using headless browser automation
Understanding Brute Force Attacks: From Theory to Practice
8 min read
A practical guide to brute force attacks, demonstrating exploitation techniques and mitigation strategies using OWASP Juice Shop
Getting Started with Web Security Testing
4 min read
Personal introduction to web security testing and the OWASP Juice Shop learning journey