HTTP request smuggling bounces off my head #misunderstoodNA
@shotdregghun8374 2 years ago
Self XSS is a bug I'd say is misunderstood. If it's combined with registration CSRF, then it suddenly becomes true XSS via CSRF. Never say self XSS is useless; combine it with other bugs to create attack chains. #misunderstoodNA #bountypls
@SEX_ON_DRUGS 2 years ago
Nice video, I haven't seen a bug bounty video on this topic before.
@samh5247 2 years ago
IDOR - people sometimes don't get the difference between public and private data. #misunderstoodNA
@ordavid3703 2 years ago
One of the misunderstood subjects is how to avoid vulnerabilities by doing secure code reviews. In addition, the CSRF subject and how to recognize and use it. #misunderstoodNA
@gk_eth 2 years ago
I guess S3 bucket takeover is misunderstood, since some cloud enumeration tools throw 404 buckets which can be created by anyone, showing little or null impact. #misunderstoodNA
@RX_100.0 2 years ago
RXSS and rate limiting, subdomain takeover issues were the most misunderstood #misunderstoodNA #bountypls
@devangsolanki4622 2 years ago
Most misunderstood bug would be CORS misconfiguration #misunderstoodNA
@mahtabmehek 2 years ago
Low-hanging fruit isn't prioritised enough; can you please touch on this topic? #misunderstoodNA #bountypls
@SaiKrishna-eo5tf 2 years ago
Race condition and CORS misconfiguration #misunderstoodNA
@Kamikaze00ish 2 years ago
Looking forward to seeing more videos from you! XSS doesn't make sense to me because I'm still so new and learning everything. #misunderstoodNA #bountypls
@deepakparmar6863 2 years ago
Open Redirect is mostly misunderstood #misunderstoodNA
@mayank-ir7tm 2 years ago
Sensitive information disclosure #misunderstoodNA
@manmoon7396 2 years ago
Application-level DoS #misunderstoodNA #bountypls
@kasperskyhackfi 2 years ago
CORS, Web cache poisoning #misunderstoodNA
@Diddy81 2 years ago
Prototype pollution #misunderstoodNA
@rami3sam 2 years ago
Sensitive information disclosure, especially if it's done by verbose error messages, if they provide rich information about something very useful; when devising your exploits, that could be the difference between failed and successful exploitation #misunderstoodNA
@rami3sam 2 years ago
Sometimes the person who will triage your report wouldn't understand how disclosing that information is dangerous and would only see cryptic messages that don't have any meaning.
@alexandart2130 2 years ago
Please talk about JWT token #bountypls
@mosaa.mohmed8478 2 years ago
Web cache poisoning #misunderstoodNA
@marvelmaniac_ 2 years ago
Rate limiting issues #misunderstoodNA
@bignonbaba5696 2 years ago
Account takeover #misunderstoodNA
@breakingthroughinside 2 years ago
DOM-based XSS #misunderstoodNA
@JayCyberSecurity 2 years ago
I bet it's CSRF #misunderstoodNA
@Sumit-yadav806 2 years ago
DOM-based XSS #misunderstoodNA
@rohanrajgupta3614 2 years ago
DOM XSS #misunderstoodNA
@liverecon 2 years ago
one demo your day a day
@dhruvikagarwal6544 2 years ago
One of the most misunderstood bugs is weak input validation. If an application is accepting special characters like , ? then that is not weak input validation, unless you have proof that the same is stored/reflected without any encoding #misunderstoodNA
@manishneupane6070 2 years ago
👏👏
@behnamdadashi9059 2 years ago
I would like to learn more about mass hunting; also, I think HTTP smuggling is one of the most misunderstood bugs. #misunderstoodNA #bountypls
@AsifIqbal-qg8lp 2 years ago
I think sometimes some bugs like no rate limiting on some endpoints are misunderstood, because clients (not all) think that it will not affect their application; however, it can affect them badly. For example, if there is no proper rate limiting set on a forgot-password endpoint where the user gets a mail with a reset password link, then the user can easily be flooded with mail, which makes a bad impact on that organization. #misunderstoodNA
@Xplo8E 2 years ago
#bountypls I want to know more about GraphQL pentesting and parameter pollution
@shreyapohekar8418 2 years ago
One of the misunderstood bugs is subdomain takeover. Seeing those error messages corresponding to different services doesn't really mean that it is a subdomain takeover. People need to do a full PoC to prove it. #misunderstoodNA
@Pr4547h 2 years ago
#misunderstoodNA XXE
@pushpinderkaur6570 2 years ago
Would love to learn cloud security, especially AWS. #bountypls
@zenkoyuri 2 years ago
Would love to learn more about cloud security #bountypls