portswigger.net

PortSwigger Research

Get the latest updates from PortSwigger Research directly as they happen.

Latest posts

Last updated 14 days ago

Drag and Pwnd: Leverage ASCII characters to exploit VS Code

14 days ago

Control characters like SOH, STX, EOT and EOT were never meant to...

Document My Pentest: you hack, the AI writes it up!

21 days ago

Tired of repeating yourself? Automate your web security audit trail. In this...

SAML roulette: the hacker always wins

about 2 months ago

In this post, we’ll show precisely how to chain round-trip attacks...

Shadow Repeater: AI-enhanced manual testing

3 months ago

Have you ever wondered how many vulnerabilities you've missed by a hair's...

Top 10 web hacking techniques of 2024

3 months ago

Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th...

Bypassing character blocklists with unicode overflows

4 months ago

Unicode codepoint truncation - also called a Unicode overflow attack - happens...

Stealing HttpOnly cookies with the cookie sandwich technique

4 months ago

In this post, I will introduce the "cookie sandwich" technique which lets...

Top ten web hacking techniques of 2024: nominations open

4 months ago

Nominations are now open for the top 10 new web hacking techniques...

Top 10 web hacking techniques of 2024: nominations open

4 months ago

Nominations are now open for the top 10 new web hacking techniques...

Bypassing WAFs with the phantom $Version cookie

5 months ago

HTTP cookies often control critical website features, but their long and convoluted...

New crazy payloads in the URL Validation Bypass Cheat Sheet

7 months ago

The strength of our URL Validation Bypass Cheat Sheet lies in the...

Concealing payloads in URL credentials

7 months ago

Last year Johan Carlsson discovered you could conceal payloads inside the credentials...