I'm going to keep this plain and simple and hopefully teach others some interesting things when it comes to testing websites. I'll be discussing each of the vuln types I report along with interesting bypasses, as well as areas people sometimes miss.
I am currently in the top 10 on bugcrowd.
Questions? tweet me @zseano
Open url redirects are always considered as "low impact", but can we really turn an open url redirect into a $2500 payout? Let's dive in to the world of open url redirects and everything about them.
IDOR's (Insecure Direct Object Reference) are everywhere if you know where to look. In this tutorial we discuss various areas i've found them and what to do when you think you've found one.
Rate limiting can be considered critical based on what your attacking. In this tutorial we discuss various techniques for bypassing rate limits.
WAF's and XSS filters can sometimes pose a problem, but don't fear as methods to bypass are available. In this tutorial we look into some things you can try.
Cross Site Request Forgery protection can sometimes be bypassed. In this tutorial I give an exammple of a site wide CSRF issue, and things you can try to get a CSRF bypass.
In this tutorial I go through some methods I use for recon and finding lots of endpoints to play with