Pinned
secureITmania in entersoftsecurity
Weird “Subdomain Take Over” pattern of Amazon S3
Even though you have an idea on the subdomain takeover via AWS S3. In this write-up, I will show the non-typical way of S3 subdomain
May 31, 2020

secureITmania
S3 bucket enumeration simplified.
A web-based tool to scan the S3 bucket misconfiguration.
May 29

secureITmania
Never use the GET method for Sensitive Actions in Web App: Ft. CSRF
The Limitation of Cookie’s “SameSite: Lax” Security
Apr 28

secureITmania
Why Appropriate Content-Type Header Matters In REST API Security: Ft. JSON XSS
Let's Explore the Content-Type Header Role in API Security
Oct 15, 2023

secureITmania
The Art of Identifying X$$ & WAF Bypass Fuzzing Technique
A smart way to hunt Cross-Site Scripting vulnerability
Sep 30, 2023

secureITmania
Learn and Earn with the Most Common Unsecured Methods of OTP Bypass Techniques: Unpacking the…
Discover the ultimate guide for bug bounty hunters to detect sneaky OTP validation vulnerabilities!
Jul 11, 2023

secureITmania
The Importance of Checking User-Agent Header Dependency in Penetration Testing
Never ever give a chance to leave a bug to automated scanners.
Jun 2, 2023

secureITmania
Secure docker instance with basic Authentication
Nginx reverse proxy with Basic Authentication
Jul 1, 2022

secureITmania
Never leave this tip while you hunting Broken Access Control
A special Bug-Bounty tip for Bug hunters and Pen-testers
Nov 12, 2021

secureITmania in entersoftsecurity
Deploy a personal VPN in Linode
A better way to take control of your online privacy
Jul 11, 2021