Maxence SCHMITT (@maxenceschmitt)'s Twitter Profile

Senior Application Security @doyensec. I am learning new stuff every day and I love it. Sapic

ID: 112866461

Joined: 09-02-2010 23:39:03

921 Tweets

529 Followers

649 Following

Ptrace Security GmbH (@ptracesecurity)

Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal blog.doyensec.com/2025/01/07/csp… #pentesting #CyberSecurity #infosec

SinSinology (@sinsinology)

My English has never been good, I tried to translate what I had in my mind and I hope this shows how I feel Every step of this journey was a challenge—long hours, sacrifices, and moments when it felt impossible. But it was all worth it. I’m so proud and honored to have won 1st

Doyensec (@doyensec)

Despite being central to their security, many orgs struggle to securely implement #OAuth. Our new post walks through common issues & how to prevent them, along with a useful checklist! Read it today & ensure your org is secure: blog.doyensec.com/2025/01/30/oau… #doyensec #security #appsec

Maxime Escourbiac (@fisjkars)

🚨 Michelin Red Team starting the year with a bang! Multiple vulnerabilities discovered in VMware Aria Operations (CVE-2025-22218, 22219, 22220, 22221, 22222) 🔥 Time to patch and stay sharp! 🔗 VMware Advisory: support.broadcom.com/web/ecx/suppor… #CyberSecurity #RedTeam #VMware #CVE2025

Doyensec (@doyensec)

🎉 PESD v2.0 - now in the BApp Store ! Effortlessly generate dynamic sequence diagrams directly from #BurpSuite traffic! Now you can also create your own theme, conveniently edit generated diagrams with MD syntax and much more! Install it today! 🎉 #doyensec #appsec #security

Kévin GERVOT (Mizu) (@kevin_mizu)

Thanks to the recent PortSwigger top 10, I finally found the motivation to finish writing the 2nd article about DOMPurify security! 😁 Before releasing it, I would like to share a small challenge 🚩 Challenge link 👇 challenges.mizu.re/xss_04.html 1/2

Doyensec (@doyensec)

🥳The latest !exploitable is here! We're sharing all the joy that comes with exploiting an arbitrary file write in GitLab, while cruising the Mediterranean. 🚢 Everything from onerous configurations to spotty internet! Enjoy! #doyensec #appsec #security blog.doyensec.com/2025/03/18/exp…

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

A crazy client-side exploit chain by Vitor Falcão "busfactor" & xssdoctor: CSPT+JSON+SelfXSS → cookie path → XSS This bug went through CSPT abuse, hidden params, CORS bypass, and CloudFront cache poisoning. Breakdown:

Doyensec (@doyensec)

As a follow up to Maxence SCHMITT 's amazing #CSPT research, we've published a list of resources to help people interested in this class of vulnerabilities. Check it out today for video, tools, challenges and variety of publications! blog.doyensec.com/2025/03/27/csp… #Doyensec #appsec

Doyensec (@doyensec)

🚀#InQL v6.0 is here! Full Kotlin rewrite w/ improved performance & responsiveness! 🆕 Built-in GraphiQL and #GraphQL Voyager visualization regardless of the target 🆕Circular references detector 🆕Improved batch queries screen 🚀 SPEED! #doyensec #appsec github.com/doyensec/inql/…

Szymon Drosdzol (@tell1c0)

After many late nights and busted apps as a security consultant at Doyensec, I trained my spidey senses 🕷️ to detect when API code is practically begging for auth vulns. Join me at #CONFidence2025 for common pitfalls, and tips for writing secure authz from the start.

Doyensec (@doyensec)

Our 73696e65's latest research has resulted in at least 1⃣5⃣ CVEs in ksmbd🤯, including multiple use-after-frees, bounds checks, type confusion and overflows‼️ Check it out today! doyensec.com/research.html#… #doyensec #appsec #security #linux

xssdoctor (@xssdoctor)

This research is based on this article blog.doyensec.com/2025/01/09/csp… which explains that the magic bytes of a pdf (and webp) file are NOT in the beginning of the file. The article goes on to show that a valid pdf can be valid json

Doyensec (@doyensec)

🚀We have just released a new Security Advisory for NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes and other vulnerabilities discovered by our Adrian Denkiewicz ! doyensec.com/resources/Doye… #doyensec #appsec #security

Doyensec (@doyensec)

📢It's here! Part 2 of Norbert Szetei's (73696e65) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes. blog.doyensec.com/2025/09/02/ksm… #doyensec #appsec #security

Kévin GERVOT (Mizu) (@kevin_mizu)

DOMLogger++ v1.0.9 is now out and available! 🎉 This update fixes a lot of issues, including the historical DevTools bug on Chromium 🔥 It also brings full Caido session handling, which is going to be useful in the near future! 👀 👉 github.com/kevin-mizu/dom… 1/2

Doyensec (@doyensec)

🚀 inQL v6.0.1 is out! Our GraphQL security tool got big upgrades.⚡ • Schema Brute-Forcer • Server Engine Fingerprinting • Automatic Variable Generation • Performance boosts & other improvements Details: blog.doyensec.com/2025/12/02/inq… #doyensec #graphql #appsec #securityforces