unSafe.sh - Unsafe
$750 Bounty: Sensitive Data Exposure
2025-5-5 09:29:48 | Views: 10
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
$750 Bounty: Sensitive Data Exposure
2025-5-5 09:29:48 | Views: 11
InfoSec Write-ups - Medium - infosecwriteups.com
I Slashed My Spring Boot Startup Time to 1.8
2025-5-5 09:29:34 | Views: 9
InfoSec Write-ups - Medium - infosecwriteups.com
Stored XSS Led to OAuth App Credential Theft and Info Disclosure
2025-5-5 09:29:27 | Views: 11
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Stored XSS Led to OAuth App Credential Theft and Info Disclosure
2025-5-5 09:29:27 | Views: 11
InfoSec Write-ups - Medium - infosecwriteups.com
Bug Hunting for Real: Tools, Tactics, and Truths No One Talks About
2025-5-5 09:29:22 | Views: 8
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Bug Hunting for Real: Tools, Tactics, and Truths No One Talks About
2025-5-5 09:29:22 | Views: 9
InfoSec Write-ups - Medium - infosecwriteups.com
Equifax Breach: How a $700M Mistake Happened
2025-5-5 09:29:17 | Views: 9
InfoSec Write-ups - Medium - infosecwriteups.com
Secure your Python applications: Best practices for developers
2025-5-5 09:29:9 | Views: 9
InfoSec Write-ups - Medium - infosecwriteups.com
DevSecOps Phase 3: Build Stage — CI/CD Security Gate with SAST + SCA
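The article details the security measures of DevSecOps Phase 3, the "build stage", including static application security testing (SAST), software composition analysis (SCA), software bill of materials (SBOM) generation, secure artifact handling, and policy enforcement. Through tool integration and process optimization, it sets a security gate at the build stage to stop vulnerabilities from entering downstream environments....
2025-5-5 09:29:1 | Views: 15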
InfoSec Write-ups - Medium - infosecwriteups.com
security
github
cosign
myapp
cyclonedx
Modest Payouts, Major Payoff: 4 IDORs That Netted $12K
2025-5-5 09:28:41 | Views: 10
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
Modest Payouts, Major Payoff: 4 IDORs That Netted $12K
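The author found 4 severe IDOR vulnerabilities on HackerOne, each earning a $3,000 reward ($12,000 in total). The vulnerabilities involve unauthorized access or data leakage in API endpoints. The author shows their impact through detailed analysis and reproduction steps and offers detection advice. The article stresses the importance of developing an IDOR mindset and shares how combining parameters and testing create operations can increase attack effectiveness....
2025-5-5 09:28:41 | Views: 8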
InfoSec Write-ups - Medium - infosecwriteups.com
checklist
attacker
slug
orders
attendee
Subdomain Surfing to Server Secrets — How I Took Over a Forgotten Subdomain
2025-5-5 09:28:17 | Views: 9
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
The Ultimate Guide to Email Input Field Vulnerability Testing
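The article introduces methods and payloads for testing the security of email fields, including exploitation of vulnerabilities such as XSS and SSRF. By testing valid and invalid email formats with an RFC822-compliant validation tool, it reveals how strong or weak an application's validation logic is, and it provides example test cases....
2025-5-4 10:41:42 | Views: 6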
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
rfc822
ssrf
compliant
strength
The Ultimate Guide to Email Input Field Vulnerability Testing
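The article examines methods and payloads for testing the security of email fields, covering vulnerabilities such as XSS, SSRF, and header injection. It tests different email formats with an RFC822-compliant tool to assess the strength of validation logic, and it provides basic and advanced techniques along with real-world case analysis....
2025-5-4 10:41:42 | Views: 5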
InfoSec Write-ups - Medium - infosecwriteups.com
rfc822
marks
compliant
$800 Bounty: Account Takeover in Shopify
2025-5-4 06:18:46 | Views: 8
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
$800 Bounty: Account Takeover in Shopify
2025-5-4 06:18:46 | Views: 6
InfoSec Write-ups - Medium - infosecwriteups.com
“Low on Space in Kali Linux? Here’s How I Fixed It and Freed Up GBs”
2025-5-4 06:17:33 | Views: 14
InfoSec Write-ups - Medium - infosecwriteups.com
This Simple Domain Hack Is Fooling Millions: Don’t Be Next!
2025-5-4 06:16:50 | Views: 6
InfoSec Write-ups - Medium - infosecwriteups.com
DevSecOps Phase 2: Code & Commit Stage — Harden the Developer Workflow
2025-5-4 06:16:22 | Views: 7
InfoSec Write-ups - Medium - infosecwriteups.com