#infosec enthusiast • #golang dev & trainer • @GoSXBGo • minimalist • #degrowth advocate • atheist • chaotic good • trying to make sense of the Web • he/him
Aug 29, 2021 • 4 tweets • 1 min read
Perhaps you're attacking an API with a solid CORS configuration, and your form-based CSRF attack using "text/plain" is failing because the server replies that it expects "application/json". 😭 Try this trick... 1/3 #bugbountytips
Send a no-CORS request with content type "text/plain; application/json". If your request only contains CORS-safelisted headers, no preflight request will be triggered! 🤯 2/3 UntrueTautTriangle.jub0bs.repl.co
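Server-side mitigation for the trick in the thread, as an added Go example (not the author's code or the linked repl): parse the Content-Type header with mime.ParseMediaType and compare the media type itself, instead of substring-matching the raw header. NaiveContainsCheck is a hypothetical weak check kept only for contrast; the sample header values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"mime"
	"net/http"
	"strings"
)

// ErrNotJSON is returned when a request does not declare application/json.
var ErrNotJSON = errors.New("request body is not declared as application/json")

// RequireJSON accepts a Content-Type only if its parsed media type is exactly
// application/json (parameters such as charset=utf-8 are fine).
// "text/plain; application/json" parses as media type text/plain (and fails
// parameter parsing), so the bypass from the thread is rejected here.
func RequireJSON(contentType string) error {
	mediaType, _, err := mime.ParseMediaType(contentType)
	if err != nil {
		return fmt.Errorf("%w: %v", ErrNotJSON, err)
	}
	if mediaType != "application/json" {
		return ErrNotJSON
	}
	return nil
}

// NaiveContainsCheck is the hypothetical weak check: a substring match that
// wrongly accepts "text/plain; application/json".
func NaiveContainsCheck(contentType string) bool {
	return strings.Contains(contentType, "application/json")
}

// JSONOnly wraps a handler and answers 415 Unsupported Media Type for any
// request whose Content-Type does not pass RequireJSON.
func JSONOnly(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := RequireJSON(r.Header.Get("Content-Type")); err != nil {
			http.Error(w, err.Error(), http.StatusUnsupportedMediaType)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed sample headers: legitimate JSON, JSON with charset, the bypass, plain text.
	for _, ct := range []string{"application/json", "application/json; charset=utf-8", "text/plain; application/json", "text/plain"} {
		fmt.Printf("%-34q naive=%-5v strict=%v\n", ct, NaiveContainsCheck(ct), RequireJSON(ct) == nil)
	}
}
```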
Jun 26, 2018 • 19 tweets • 5 min read
I'm only halfway through Bertrand Meyer's 2014 book, "Agile! The Good, the Hype and the Ugly", but it's already proven its worth as a lucid, unrestrained appraisal of #Agile principles and methodologies. Here are a few passages that resonated with me...
"#XP's insistence that [pair programming] should be the absolute rule [...] makes little sense conceptually, as it neglects the role of programmer personality (some excellent developers like to concentrate alone and will resent having to be paired) [...]"