HTTP request smuggling bounce off my head #misunderstoodNA

Self XSS is a bug I'd say is misunderstood. If it's combined with registration CSRF, then it suddenly becomes true XSS via CSRF. Never say self XSS is useless, combine it with other bugs to create attack chains. #misunderstoodNA #bountypls

nice video i havent seen a bug bounty video on this topic before

IDOR - ppl sometimes don’t get the difference between public and private data. #misunderstoodNA

One of the misunderstood subjects is How to avoid vulnerabilities by doing secure code reviews, In addition CSRF Subject and how to recognize and use #misunderstoodNA

I guess S3 bucket takeover is misunderstood since some cloud enumeration tools throws 404 buckets which can be created by anyone shows less or null impact.. #misunderstoodNA

Rxss and rate limiting, Subdomain take over issues were most misunderstood #misundeestoodNA #bountypls

Most misunderstood bug would be cros misconfiguration #missunderstoodNA

Low hanging fruits aren't prioritised enough, can you please touch on this topic? #misunderstoodNA #bountypls

Race condition and CORS misconfiguration #misunderstoodNA

Looking forward to seeing more videos from you! XSS doesn't make sense to me because I'm still so new and learning everything. #misunderstoodNA #bountypls

Open Redirect is mostly misunderstood #misunderstoodNA

Sensitive information disclosure #misunderstoodNA

Application level DOS #misunderstoodNA #bountypls

CORS, Web cache poisoning #misunderstoodNA

prototype pollution #misunderstoodNA

Sensitive information disclosure especially if it's done by verbose error messages if they provide rich information about something very useful, when devising your exploits that could be the difference between failed and successful exploitation #misunderstoodNA

Please talk about JWT token #bountypls

web cache poisoning #misunderstoodNA

rate limiting issues #misunderstoodNA

account takeover #misunderstoodNA

DOM based XSS #misunderstoodNA

i bet it's CSRF #misunderstoodNA

Dom basses xss #misunderstoodNA

Dom xss #misunderstoodNA

one demo your day a day

One of the most misunderstood bug is Weak Input Validation. If an application is accepting special characters like , ? then that is not a weak input validation, unless you have a proof that the same is stored/reflected without any encoding #misunderstoodNA

👏👏

I Would like to learn more about Mass Hunting, also I think HTTP smuggling is one of the most misunderstood bugs. #misunderstoodNA #bountypls

I think sometimes some bugs like No Rate Limiting in some endpoints misunderstood because clients(not all) think that it will not going to affect their application however it can affect them badly. Like if there is no proper rate limiting set in a forget password endpoint where user gets mail for reset password link then user can be easily flooded with mail which makes a bad impact for that organization. #misunderstoodNA

#bountypls i want to know more about graphql Pentesting and Parameter pollution

One of the misunderstood bug is subdomain takeover. Seeing those error messages corresponding to different services doesn't really mean that it is a subdomain takeover. People need to do a full poc to prove it. #misunderstoodNA

#misunderstoodNA XXE

Would love to learn cloud security, esp AWS. #bountypls

Would love to learn more about cloud security #bountypls

Great One..

1st