Sven is a Staff Security Engineer at Invicti. He lives in Germany and is passionate about web application security. He loves to explore and exploit all different kinds of real-world vulnerabilities.
How bad is a missing Content-Type header?
APIs make XSS prevention a frontend job
Extracting data from insecure Elasticsearch templates
Analysis of the recent Oracle WebLogic Server remote code execution vulnerability
Cross-site Scripting in React Web Applications
Goodbye XSS Auditor
How you can steal private data through CSS injection
The Problem of String Concatenation and Format String Vulnerabilities
DNSFS: Is it possible to use DNS as a file system?
Discovering and hacking IoT devices using web-based attacks
Bypassing disabled system functions
Using Google bots as an attack vector
The dangers of incorrect CSP implementations
Pros and Cons of DNS Over HTTPS
PHP Type Juggling Exploit: Vulnerability, Payloads, and Fixes
Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security