SecProject Web AppSec Challenge Series 1 Results
I am going to have a quick write up about the questions to publish all the amazing vectors. But first, thanks to those highly skilled web application security researchers who attended my challenge...
View ArticleBrowsers Anti-XSS methods in ASP (classic) have been defeated!
Download Link: http://soroush.secproject.com/downloadable/Browsers_Anti-XSS_methods_in_ASP_(classic)_have_been_defeated.pdf Browsers Anti-XSS methods in ASP (classic) have been defeated! This time, I...
View ArticleHow did I bypass everything in modsecurity evasion challenge?
First of all, at the moment this challenge is ongoing since last year (2013) and you may have already heard about it. Here is the link to this challenge:...
View ArticleRare ASP.NET request validation bypass using request encoding
I had blogged about this in NCC Group’s website. I thought it is the best to add a link to it here as well. It is possible to bypass the ASP.NET request validation capability when errors are ignored...
View Article
