#
Hashtag
#Portswigger

When did #PortSwigger shut down the User Forum? There is still a link to the forum on the website, but it now redirects to the generic support page.

"I found the perfect punishment for Darling, early. <3" Wait, what's the punishme-"LEARNING #portswigger and preparing for bug bounties. <3" T-T WHY? "Learn, tiny trans fox girl. LEARN!~ Girls go to college to get more knowledge!" Oof...
chaosfoundy.digital/stream

Preview
Top 10 web hacking techniques of 2025 Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

Originally from PortSwigger: Top 10 web hacking techniques of 2025 ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Preview
Top 10 web hacking techniques of 2025: call for nominations Over the last year, security researchers have shared a huge amount of work with the community through blog posts, presentations, and whitepapers. This is great, but it also means genuinely reusable te

Originally from PortSwigger: Top 10 web hacking techniques of 2025: call for nominations ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Original post on infosecwriteups.com

PortSwigger Academy Lab: Source code disclosure via backup files Description: This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the databa...

#information-disclosure #web-security #portswigger-lab #portswigger #sensitive-data-exposure […]

Preview
The Fragile Lock: Novel Bypasses For SAML Authentication TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

Originally from PortSwigger: The Fragile Lock: Novel Bypasses For SAML Authentication ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Preview
Introducing HTTP Anomaly Rank HTTP Anomaly Rank If you've ever used Burp Intruder or Turbo Intruder, you'll be familiar with the ritual of manually digging through thousands of responses by repeatedly sorting the table via length,

Originally from PortSwigger: Introducing HTTP Anomaly Rank ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Original post on systemweakness.com

Portswigger Web Security Academy | DOM-based Vulnerabilities Lab #1 Hi everyone! Today we’ll solve the first DOM-based vulnerabilities lab from the PortSwigger Web Security Academy. Let’s get ...

#vulnerability #portswigger #application-security #web-security #cybersecurity

Preview
Visible Error-Based SQL Injection A Portswigger Lab

Latest #Portswigger SQL lab write-up.

#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs

medium.com/@marduk.i.am...

Preview
Blind SQL Injection with Conditional Errors A Portswigger Lab

Latest #Portswigger lab write-up.

#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs

medium.com/@marduk.i.am...

Preview
HTTP/1.1 must die: the desync endgame Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it. This p

Originally from: PortSwigger: HTTP/1.1 must die: the desync endgame ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Preview
Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining. This is usually a false positive, but sometimes there's actually a real

Originally from: PortSwigger: Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Preview
Inline Style Exfiltration: leaking data with chained CSS conditionals I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: Someone asked if you c

Originally from: PortSwigger: Inline Style Exfiltration: leaking data with chained CSS conditionals ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Preview
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and serve

Originally from: PortSwigger: Cookie Chaos: How to bypass __Host and __Secure cookie prefixes ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Preview
WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine Many testers and tools give up the moment a protocol upgrade to WebSocket occurs, or only perform shallow analysis. This is a huge blind spot, leaving many bugs like Broken Access Controls, Race condi

Originally from: PortSwigger: WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Original post on systemweakness.com

Portswigger Web Security Academy | XSS Lab #1 Hi everyone! Today, we’ll be solving the first XSS lab from the PortSwigger Web Security Academy. Let’s get started! Before we dive into the lab, ...

#web-applications #application-security #cybersecurity #xss-attack #portswigger

Preview
"The entire internet is broken": ethical hacking expert John Hammond meets James Kettle In a brand-new collaboration between ethical hacking and AppSec expert John Hammond and world-renowned security researcher James Kettle, the pair explore how tens of millions of websites are compromis

Portswigger put up a video about flaws in HTTP 1.1. It's got John Hammond!

portswigger.net/blog/the-entire-internet...

#portswigger #http

Original post on systemweakness.com

PortSwigger Lab Walkthrough: Blind OS Command Injection with Time Delays When it comes to exploiting web applications, nothing is more thrilling than turning a simple form input into a foothold on ...

#web-penetration-testing #portswigger #cybersecurity #application-security #portswigger-lab […]

burplabs: Automated python package for portswigger labs burplabs is a modular, Python-based CLI tool that automates solving labs from PortSwigger Web Security Academy. It's like netexec, but m...

#python #security #burpsuite #portswigger #appsec

Preview
Repeater Strike: manual testing, amplified Manual testing doesn't have to be repetitive. In this post, we're introducing Repeater Strike - a new AI-powered Burp Suite extension designed to automate the hunt for IDOR and similar vulnerabilities

Originally from: PortSwigger: Repeater Strike: manual testing, amplified ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Preview
Blind SQL Injection with Conditional Responses A Portswigger Lab

Latest lab write-up. Came out a bit long but very informative.

#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #Portswigger

medium.com/@marduk.i.am...

Screenshot of Burp Suite's Intruder with 403 Forbidden responses for all payloads but <img src/onerror=alert(1)>.

<script>alert(1)</script> - 403 Forbidden
<img src=x onerror=console.log(1)> - 403 Forbidden
<svg onload=print()> - 403 Forbidden

I've recently encountered a web application firewall in a pentest, blocking all my attempts to insert an XSS payload.

In such […]

[Original post on infosec.exchange]

Preview
Drag and Pwnd: Leverage ASCII characters to exploit VS Code Control characters like SOH, STX, EOT and EOT were never meant to run your code - but in the world of modern terminal emulators, they sometimes do. In this post, I'll dive into the forgotten mechanics

Originally from: PortSwigger: Drag and Pwnd: Leverage ASCII characters to exploit VS Code ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Original post on systemweakness.com

Bypassing CSRF defenses using XSS…and more | Portswigger XSS Practitioner Part 2 In this articl...

systemweakness.com/bypassing-csrf-defenses-...

#cybersecurity #portswigger #writeup […]

Preview
Document My Pentest: you hack, the AI writes it up! Tired of repeating yourself? Automate your web security audit trail. In this post I'll introduce a new Burp AI extension that takes the boring bits out of your pen test. Web security testing can be a

Originally from: PortSwigger: Document My Pentest: you hack, the AI writes it up! ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

Original post on systemweakness.com

Diving deeper into XSS: Portswigger XSS Practitioner Labs Part 1 Let’s continue to understand m...

systemweakness.com/diving-deeper-into-xss-p...

#portswigger #javascript #cybersecurity #writeup #xss-attack […]

Beginner Walk-through: Portswigger’s Cross Site Scripting All Apprentice Labs In this article, ...

systemweakness.com/beginner-walk-through-po... […]

[Original post on systemweakness.com]

Beginners Walk-through Portswigger Labs SQL Injection Lab 13-Lab 18 Let’s continue our series i...

systemweakness.com/beginners-walk-through-p...

#portswigger […]

[Original post on systemweakness.com]

HTTP Request Smuggling: how peculiarities in the processing of HTTP header...

habr.com/ru/companies/jetinfosyst...

#http #request #smuggling #Web #Cache #Poisoning #безопасность […]

[Original post on habr.com]
