Microsoft Edge Browser For IOS - Address Bar Spoofing Vulnerability 2:41 PM During one of my previous posts "Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers", I discussed several ...
Paypal Mobile Verification And Payment Restrictions Bypass 8:53 AM In this post, I would like to share a very simple logic flaw I found earlier this year. I have found a way to circumvent mobile verificat...
Sucuri WAF XSS Filter Bypass 8:50 AM Introduction Sucuri Cloud Proxy is a very well known WAF capable of preventing DOS, SQL Injection, XSS and malware detection and preve...
Bad Meets evil - PHP meets Regular Expressions 8:48 AM This article would briefly discuss the reason why Regular Expressions might not be suitable for filters and how things could turn mis...
A Tale Of Another SOP Bypass In Android Browser < 4.4 8:44 AM Since my recent Android SOP bypass [CVE-2014-6041] triggered a lot of eruption among the infosec community, I was motivated to resea...
Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041 8:43 AM Introduction Same Origin Policy (SOP) is one of the most important security mechanisms that are applied in modern browsers, the basic ...
Android Browser + Messaging App DOS 8:42 AM While being impressed by Collin Mulliner's research on smart phones, I found myself very curious trying to find vulnerabilities ins...
Puffin Web Browser Pop Up Recursion Vulnerability - DOS 8:42 AM During my recent security research on "Puffin Web Browser" I found several security bugs with "Puffin Web Browser"...
Nokia Asha Series Lock Screen Bypass 8:41 AM There have been a lot of lock screen bypasses lately in almost every mobile device such as iPhone, Samsung galaxy, HTC etc and if you ob...
DOM XSS Explained 8:37 AM Cross Site scripting (XSS) has been a problem for well over a decade now, XSS just like other well known security issues such a...
A Tale Of A DOM Based XSS In Paypal 8:36 AM Introduction We have already disclosed lots of findings related to DOM Based XSS and this article talks about a pretty interesting ...
Code Igniter XSS Filter Multiple Bypasses 8:33 AM Recently we released our "XSS Filter Evasion Cheat Sheet", I was quite surprised to hear the community feedback. The total d...
phpThumb Server Side Request Forgery 8:31 AM Recently I, along with my friend "Deepankar Arora", discovered a server side request forgery vulnerability inside of the phpT...
Error Based SQL Injection - Tricks In The Trade 7:59 AM Trigger an error In this article I am going to describe some simple tips and tricks, which are useful to find and/or exploit error base...
Bypassing Cloudflare - Attack-Secure Challenge Writeup! 7:57 AM A few days back we set up a small and interesting challenge for RHA readers, the main goal of the challenge was to find the hosting provid...
Introducing Evil In Your Website With Untrusted Third Party Scripts 7:48 AM This is a small case study, where my aim is to explain why you shouldn't use untrusted third party scripts on your website. Htmlcomm...
Kali Linux DOM Based XSS Writeup 7:43 AM Recently, I have been on a mission to find XSS in popular security training websites, since these are the ones who care about their secu...
SQL Injection With Update Query 7:42 AM We have written a couple of articles discussing various techniques and attack vectors for SQL Injection, We have...
Stored XSS, CSRF And Clickjacking Vulnerabilities in Opera 7:41 AM Nowadays, I am not much active in bug bounty programs, However, still I wanted to share my experience with Opera, Opera does not have...
DOM Based XSS In Microsoft 7:36 AM Lately, I have been researching on DOM based XSS a bit, In my previous post I talked about the DOM based XSS I found inside A...