Websec Cybersecurity Blog
Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.
Three Non Web-based XSS Injections
In this post guest blogger Alejandro Hernandez (nitr0us) writes about some interesting and fun XSS vectors which are not commonly seen.
Solutions for challenge 2B
A walkthrough of Challenge 2B from our SQL Injection series, including why a temporary table that stays out of information_schema forced participants to find creative ways to enumerate table and column names.
Solutions for challenge 2A
A walkthrough of the different approaches submitted for Challenge 2A in our SQL Injection challenge series, focusing on how the guest login and the user_id cookie open the door to privilege escalation.
A series of SQL Injection challenges
I want to introduce three SQL Injection challenges which were created for a CTF, but have yet to be solved... Could you be the first?
Using Burp to exploit a Blind SQL Injection
How to use Burp Suite to automate the process of extracting information from a SQL database through a Blind SQL Injection.