Web Pentest
OWASP Top 10 in 2026, business logic flaws, authentication bypasses, API security.
CSP Bypass Techniques in 2026 and the Safe Defaults
CSP bypasses — JSONP on trusted CDN, AngularJS sandbox, unsafe-inline, wildcard sources, data: URIs, path-based bypasses. The nonce + strict-dynamic + Trusted…
Tools & TutorialsPrototype Pollution Exploitation in JavaScript
Prototype pollution in lodash, jQuery, custom merge utilities. Detection with Semgrep, exploitation paths (auth bypass, RCE chains), the safe-merge pattern with Object.create(null).
Tools & TutorialsAdvanced JWT Attacks: kid Path Traversal, JWE Confusion, JWK Trust
Beyond alg:none — kid path traversal, kid SQL injection, jku/x5u trust confusion, embedded jwk header attacks, JWE algorithm confusion. jwt_tool workflow.
Tools & TutorialsWebSocket Security: Cross-Site Hijacking, Auth Gaps, Channel Leakage
WebSocket attacks — CSWSH (cross-site hijacking), per-message auth gaps, input validation, rate-limiting absence, broadcast channel leakage. Burp + wscat testing workflow.
Tools & TutorialsHTTP Request Smuggling: CL.TE, TE.CL, HTTP/2 Desync
Request smuggling variants — CL.TE, TE.CL, TE.TE with obfuscation, HTTP/2 desync. What attackers do (cache poisoning, auth bypass), Burp Smuggler workflow, HTTP/2…
Tools & TutorialsWeb Cache Poisoning: Hidden Inputs and Param Miner
Web cache poisoning via unkeyed inputs (X-Forwarded-Host, custom headers, cookies). Burp Param Miner workflow. Cache key configuration as the architectural fix.
Tools & TutorialsWebAssembly Security: The 2026 Attack Surface
Wasm security model — sandboxed VM, memory isolation. What's attackable — memory bugs in Wasm code, JS-Wasm boundary, side-channel, cryptojacking, server-side WASI…
Security GuidesRAG Security: Retrieval-Augmented Generation Attack Surface
RAG-specific attacks — document poisoning, indirect prompt injection, authorisation bypass via retrieval, embedding-based attacks, knowledge-base data exfiltration. Document, retrieval, and LLM-side defences.
Security GuidesGraphQL Authorisation Bypass: The Deep-Dive
GraphQL's most consequential bug class isn't injection — it's authorisation bypass. Field-level over-exposure, resolver-level IDOR, mutation field injection, connection traversal, batched-query tenant…
Tools & TutorialsGraphQL Security in 2026: Beyond Introspection
GraphQL pentest beyond enabling introspection — schema enumeration without introspection, nested query DoS, alias-based brute-forcing, batched query authorisation bypass, IDOR via GraphQL,…