Web Pentest · 47 articles

Web Pentest

OWASP Top 10 in 2026, business logic flaws, authentication bypasses, API security.

Tools & Tutorials

CSP Bypass Techniques in 2026 and the Safe Defaults

CSP bypasses — JSONP on trusted CDN, AngularJS sandbox, unsafe-inline, wildcard sources, data: URIs, path-based bypasses. The nonce + strict-dynamic + Trusted…

Apr 25, 2026 · 2 min read
Tools & Tutorials

Prototype Pollution Exploitation in JavaScript

Prototype pollution in lodash, jQuery, custom merge utilities. Detection with Semgrep, exploitation paths (auth bypass, RCE chains), the safe-merge pattern with Object.create(null).

Apr 25, 2026 · 2 min read
Tools & Tutorials

Advanced JWT Attacks: kid Path Traversal, JWE Confusion, JWK Trust

Beyond alg:none — kid path traversal, kid SQL injection, jku/x5u trust confusion, embedded jwk header attacks, JWE algorithm confusion. jwt_tool workflow.

Apr 25, 2026 · 3 min read
Tools & Tutorials

WebSocket Security: Cross-Site Hijacking, Auth Gaps, Channel Leakage

WebSocket attacks — CSWSH (cross-site hijacking), per-message auth gaps, input validation, rate-limiting absence, broadcast channel leakage. Burp + wscat testing workflow.

Apr 25, 2026 · 2 min read
Tools & Tutorials

HTTP Request Smuggling: CL.TE, TE.CL, HTTP/2 Desync

Request smuggling variants — CL.TE, TE.CL, TE.TE with obfuscation, HTTP/2 desync. What attackers do (cache poisoning, auth bypass), Burp Smuggler workflow, HTTP/2…

Apr 25, 2026 · 2 min read
Tools & Tutorials

Web Cache Poisoning: Hidden Inputs and Param Miner

Web cache poisoning via unkeyed inputs (X-Forwarded-Host, custom headers, cookies). Burp Param Miner workflow. Cache key configuration as the architectural fix.

Apr 25, 2026 · 2 min read
Tools & Tutorials

WebAssembly Security: The 2026 Attack Surface

Wasm security model — sandboxed VM, memory isolation. What's attackable — memory bugs in Wasm code, JS-Wasm boundary, side-channel, cryptojacking, server-side WASI…

Apr 25, 2026 · 3 min read
Security Guides

RAG Security: Retrieval-Augmented Generation Attack Surface

RAG-specific attacks — document poisoning, indirect prompt injection, authorisation bypass via retrieval, embedding-based attacks, knowledge-base data exfiltration. Document, retrieval, and LLM-side defences.

Apr 25, 2026 · 3 min read
Security Guides

GraphQL Authorisation Bypass: The Deep-Dive

GraphQL's most consequential bug class isn't injection — it's authorisation bypass. Field-level over-exposure, resolver-level IDOR, mutation field injection, connection traversal, batched-query tenant…

Apr 25, 2026 · 4 min read
Tools & Tutorials

GraphQL Security in 2026: Beyond Introspection

GraphQL pentest beyond enabling introspection — schema enumeration without introspection, nested query DoS, alias-based brute-forcing, batched query authorisation bypass, IDOR via GraphQL,…

Apr 25, 2026 · 4 min read