Articles tagged with "Bug Bounty" (2)


Exploiting weak Content Security Policy (CSP) rules for fun and profit

This article is based on my findings during a bug bounty. I was looking for any input bugs which could trigger an XSS but didn’t find any until I tested the file upload functionality. Users had the option to drag and drop images into the …


Using Amazon S3 for your static site? One thing to keep in mind

Amazon is a great service for hosting your static website. The way it works is by creating an S3 bucket with the name of your website, uploading your files to the bucket and changing the permissions so that the bucket can be read by the internet. So long as …