From 0 to pentesting hero

4 little bugs in the Kallithea software that make it possible to access someone else’s data.

file_exists - a function that checks if a file with the given name exists on the hard drive. Could such a simple functionality be harmful?

Do you work with a lot of linux servers? Do you log in to each of them using your ssh key? On the one hand, you would like to change it more often, but on the other, the overwhelming amount of work associated with changing certificates on many servers discourages you? In today’s episode of ‘from 0 to pentesting hero’, we will take a look at how Netflix solved this problem.

Spring Boot Actuator is a tool that allows us to monitor our application built with spring. We can quickly measure various metrics and monitor traffic on our server or check the status of our database. All this thanks to simple rest endpoints.

You want to check which of them belong to the administrators and which are the accounts of ordinary users. Unfortunately, the account type is displayed on a different subpage than the one returned by the server after logging in.

A polyglot is a person who speaks many languages. But the term matters also in contex of security issues.

A functionality that allows you to exchange data between different domains.

Not so long ago, to make website’s content appear in real time it had to be kind of simulated. For example from the level of JavaScript - by sending a request to the server every few seconds and downloading the latest content.

Why you shouldn’t pass variables to assert function in PHP.

How to convince the user to delete his account on the website without his consent?