Author: Ayoub, Senior security content developer
Bypassing Content Security Policy (CSP)
Hacking Tools
November 30, 2025
Content Security Policies (CSPs) are often deployed as the last line of defense against client-side attacks such as cross-site scripting (XSS) and clickjacking. Since their first introduction in 2012, they've enabled developers to control which resources are allowed to load and evaluate wit
November CTF Challenge: Exploiting JWT vulnerabilities to achieve RCE
Hacking Tools
November 26, 2025
At Intigriti, we host monthly web-based Capture The Flag (CTF) challenges as a way to engage with the security research community. This month, we've decided to take on a challenge ourselves as a way to give back to the community. In response to one of our recent articles, we decided to focus on JSON
Intigriti Bug Bytes #230 - November 2025 🚀
Bug Bytes
November 21, 2025
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Finding an RCE using AI in GitHub; CORS exploitation cheat sheet; Scanning codebases with AI; Bypassing paywalls; SSTIs in AI models. And so much more! Let’s dive in! We are thrilled to announce that Inti
Hunting for DOM-based XSS vulnerabilities: A complete guide
Hacking Tools
November 11, 2025
Traditional cross-site scripting (XSS) vulnerabilities were prevalent when server-side rendering (with languages like PHP, JSP, and ASP) was the norm. However, as applications become more complex and developers continue to shift application logic to the client-side, more complex client-side vulnerab
Exploiting JWT vulnerabilities: A complete guide
Hacking Tools
November 7, 2025
Before JSON Web Tokens (JWTs) became popular in today's app development landscape, web applications predominantly used server-side sessions, which presented horizontal scalability issues. JWTs solved this by moving authentication data from the server to the token itself. They are self-contained, sta
