Research Worth Reading Week 49/2025

Published: 07 Dec 2025

WAF bypasses, CVE research & constant-time crypto.

Introducing constant-time support for LLVM to protect cryptographic code

Trail of Bits explains their work on adding constant-time support to LLVM so that compiled cryptographic code remains constant-time: Introducing constant-time support for LLVM to protect cryptographic code.

⛔️ Bypassing WAFs for Fun and JS Injection with Parameter Pollution

A great summary of the current state of HTTP parameter pollution as a way to bypass WAFs: Bypassing WAFs for Fun and JS Injection with Parameter Pollution.

🧐 How to Research & Reverse Web Vulnerabilities 101

One of my favourite hobbies (CVE analysis) is covered in this blog post from the ProjectDiscovery team: How to Research & Reverse Web Vulnerabilities 101.

Written by PentesterLab
The platform to learn web hacking and security code review