Automating DOM XSS Discovery

📅 Nov 4, 2021 · ☕ 9 min read

How to automate DOM XSS discovery using semgrep and a single Python script.

---

Mitigation schmitigation: Control HttpOnly cookies through XSS

📅 Aug 16, 2021 · ☕ 4 min read

How HttpOnly can be beaten with XSS

---

Fuzz the Unfuzzable

📅 Aug 10, 2021 · ☕ 7 min read

4 useful ways to fuzz stuff that many people would consider 'unfuzzable'.

---

Cheatsheet: XSS that works in 2021

📅 Feb 7, 2021 · ☕ 5 min read

XSS Cheatsheet for 2021 and onwards.

---

Actual XSS in 2020

📅 Feb 1, 2020 · ☕ 6 min read

XSS Cheatsheet for 2020.

---

Minitip - Stored XSS through SVG

📅 Jan 9, 2020 · ☕ 1 min read

How to find persistent XSS through SVG files.

---