Latest topics
Hacker
Top 10 Ways to Bypass a WAF
In today's evolving cybersecurity landscape, attackers are constantly looking for ways to bypass security systems, and Web Application Firewalls (WAF) are no exception. As a crucia...
WAF
Exploit
Vulnerability
Published by Kathan Desai on October 17th 2024
Rise of AI-Aided Cybersecurity Threats
This blog delves into AI-aided cybersecurity threats, exploring their nature, potential impacts, and how we can defend against them.
AI-Threats
Malware
Published by A S Aravinthakshan on May 27th 2024
Linux Privilege Escalation Fundamentals
Linux, the backbone of countless IT infrastructures and critical systems, is a fortress guarded by meticulous permission...
hacker
linux
Published by Kathan Desai on April 2nd 2024
How to Perform Dependency Checks to Secure Your Application?
In the dynamic landscape of cybersecurity, securing applications against vulnerabilities has never been more critical. W...
hacker
application security
Published by Kathan Desai on March 26th 2024
Malware Analysis - VBScript Decoding & Deobfuscating
In the realm of cybersecurity, the analysis of malicious software, or malware, stands as a critical front in the battle ...
hacker
malware
decoding
Published by Kathan Desai on March 26th 2024
Windows Privilege Escalation Fundamentals
Navigating through the complexities of Windows Privilege Escalation (WPE) is essential for cybersecurity enthusiasts, et...
hacker
bugbounty
Published by Kathan Desai on March 18th 2024
What is a Stack Based Overflow?
In the intricate and evolving world of cybersecurity, understanding the mechanics behind exploits is crucial for both of...
hacker
Published by Kathan Desai on March 18th 2024
Identifying, Attacking and Preventing Buffer Overflows
In the realm of information security, certain vulnerabilities have stood the test of time, proving to be as relevant tod...
hacker
buffer
overflow
Published by Kathan Desai on March 18th 2024
Does Cybersecurity Actually Require Coding?
In the dynamic and ever-evolving realm of information security (infosec), the question of whether cybersecurity necessit...
Cybersecurity
Coding
Published by Kathan Desai on February 8th 2024
All About IDORs - Understand, Exploit, Prevent
In this article, we will shed light on IDOR vulnerabilities, comprehensively examining the vulnerability itself, its roo...
IDOR
Vulnerability
Hacks
Exploits
Published by Sivadath KS on July 18th 2023
June Jeopardy - Walkthrough
As a part of our monthly CTF cycle we organized the June Jeopardy CTF, where more than 350 hackers participated to fight for the ...
CTF
Hack
Vulnerability
Published by Tuhin Bose on July 4th 2023
May Mayhem - Walkthrough
In this blog post, we are going to solve two hard challenges of May Mayhem.
vulnerability
CTF
Hacker
Published by Tuhin Bose on June 29th 2023
SAML 101: What, How, and Why SAML Exploits?
Discover the fundamentals of Single Sign-On (SSO) and gain a comprehensive understanding of the widely-used Security Assertion Markup Language (SAML).
Vulnerability
Hacker
SAML Exploit
Published by Devang Solanki on June 19th 2023
Demystifying XML External Entity (XXE) Injection: A Comprehensive Guide
In this article, we will explain the basics of XML, what XML External Entity (XXE) injection is, why it arises,...
Vulnerability
XXE Injection
Hacker
Published by Tuhin Bose on June 13th 2023
CISO
How to Host a Vulnerability Disclosure Program
In today’s fast-paced cybersecurity landscape, organizations of all sizes and industries face increasing risks from vuln...
VDP
CISO
Published by Kathan Desai on October 17th 2024
Companies
Why is it imperative to integrate Bug Bounty into your SOC?
This article explores the compelling reasons for adopting bug bounty programs and how platforms like BugBase can signifi...
Bug Bounty Programs
Security Operations Center
SOC Challenges
Ethical Hackers
Vulnerability Mitigation
Continuous Improvement
Security Culture
Published by Kathan Desai on March 6th 2024
Hackers
Automating Bug Bounties with Nuclei: Harnessing the power of custom templates
Explore bug bounty automation with Nuclei templates, crafting custom scans, fuzzing, and CVE detection for effective security testing.
Nuclei templates
Bug bounty automation
Custom vulnerability scanning
Fuzzing techniques
CVE detection
Published by Bhavarth Karmarkar on March 1st 2024
Exploring basic malware analysis techniques and tools
Explore the essentials of malware analysis in our latest blog, where we navigate through the setup of a secure sandbox e...
Malware Analysis
Blue Teaming
Sandboxing
Malware Detection
Published by Siddharth Johri on February 21st 2024
Introduction to Binary Exploitation- Exploiting buffer overflows
This blog is the first in a series dedicated to binary exploitation in which we delve into the nuances of buffer overflow attacks.
Binary Exploitation
pwning
ctfs
buffer overflow
ROP
Published by Bhavarth Karmarkar on February 15th 2024
A Guide to Open Redirection
In this blog, we are going to explore Open Redirection vulnerability - understanding what Open Redirection is, why Open ...
Open Redirection
Vulnerability
Unvalidated Redirects and Forwards
Published by Tuhin Bose on February 6th 2024
SSL Unpinning Made Easy
In this blog, we'll explore a simple way to disable SSL pinning in Android apps. But first, let's break down how BurpSui...
android
android-security
Frida
frida-tools
ssl-pinning
security
Published by Devang Solanki on January 4th 2024
The Flipper Zero: A boon and a "BAN"!
This blog talks about how a Flipper Zero is used for hardware hacking and how it has caused a ban at airports.
Hardware hacking
IoT hacking
Published by Siddharth Johri on December 27th 2023
How to exploit .NET applications: A comprehensive guide
Explore the common vulnerabilities in .NET applications, including SQL Injection, XSS, and Insecure Deserialization, wit...
.NET Application Security
SQL Injection in .NET
Cross-Site Scripting (XSS) in .NET
Insecure Deserialization .NET
.NET Directory Traversal Attacks
Published by Kathan Desai on December 15th 2023
Top 10 reasons you need penetration testing as a service
Discover the critical importance of Penetration Testing as a Service (PTaaS) for modern businesses, highlighting the rol...
Penetration Testing as a Service (PTaaS)
Cybersecurity Vulnerability Assessment
PTaaS for Compliance
Cost-Effective Cyber Risk Management
Advanced Ethical Hacking Services
Published by Kathan Desai on December 15th 2023
Top 10 security products for your SOC: Pros, cons, and where to find them
Dive into our comprehensive guide on the top 10 SOC security products, comparing features, pros and cons, and integratio...
SOC Security Enhancements
Advanced Threat Detection
SIEM Solutions Comparison
Cybersecurity Incident Response
AI-Driven Network Security
Published by Kathan Desai on December 15th 2023
How to exploit MongoDB queries
Learn how to secure MongoDB: Understand common vulnerabilities, explore query exploits with real code examples, and enha...
MongoDB Security
NoSQL Vulnerabilities
MongoDB Injection Attacks
MongoDB DoS Attacks
Regular Expression Exploits
Published by Kathan Desai on December 15th 2023
Mastering the art of subdomain takeover: Tips, Tricks and Profits
An exploration of a critical bug which is a waking nightmare for large companies on one hand and a goldmine for the bug bounty hunter on the other.
Subdomain
Takeover
Broken Link hijacking
Bug Bounty
Misconfiguration
Published by Bhavarth Karmarkar on December 14th 2023
How to bypass CSRF protection like a pro
In this blog, we will explore Cross-site Request Forgery vulnerability - understanding what CSRF is, discussing popular ...
CSRF
Vulnerability
Cross-site Request Forgery
Published by Tuhin Bose on December 5th 2023
Learning SSRF for Fun and Bounties
In this blog, we will dive into the fundamentals of SSRF and explore how to exploit it to get bug bounties
ssrf
aws
gcp
bug bounty
vulnerability
ssrf exploits
Published by Devang Solanki on November 23rd 2023
Dissecting Supply Chain Attacks
This blog talks about what supply chain attacks are and how they affect all downstream users.
Supply chain attack
side channel attacks
enterprise security
Published by Siddharth Johri on November 15th 2023
Recon Series: Automation (Part-3)
This is the last part of the Recon Series which focuses on automating the recon process
Reconnaissance
recon
automation
bugbounty
aws
cloud
Published by Bhavarth Karmarkar on November 8th 2023
Recon Series : URL Enumeration (Part 2)
This is part 2 of a 3 part series explaining reconnaissance (recon) for bug bounty hunting. In part 2, we explained different recon methodologies.
recon
reconnaissance
bugbounty
infosec
Published by Tuhin Bose on October 31st 2023
Recon Series : Domain Enumeration (Part 1)
This is part 1 of a 3 part series explaining reconnaissance (recon) for bug bounty hunting. In part 1, I explained diffe...
recon
reconnaissance
bugbounty
infosec
Published by Devang Solanki on October 18th 2023
Exploiting post message vulnerabilities for Fun and Profit
In this blog, we talk about how to prevent, exploit and find post message vulnerabilities for cross origin communication
postMessage
Same Origin Policy
Cross Origin Communication
XSS
DOM-Based XSS
Account Takeover
Information Disclosure
Bypass
Published by Bhavarth Karmarkar on October 13th 2023
Understanding Zero Trust : Challenges and Implications
This blog talks about the zero trust access model, its specifics and usual challenges faced by organisations in implementing it successfully
compliance
security model
networks
Published by Siddharth Johri on October 6th 2023
All About JWT Vulnerabilities
In this blog, we'll discuss JSON Web Tokens, the structure of JWT, and various vulnerabilities associated with JWTs
JWT
Vulnerability
Cyber Security
Account Takeover
Published by Tuhin Bose on September 27th 2023
CSP Bypass: Common Techniques and Mitigations
Techniques to bypass CSP, vulnerable attack scenarios, and how to protect against them
content security policy
bypass
xss
cors
data exfiltration
misconfiguration
policy injection
dangling markup injection
mitigations
Published by Bhavarth Karmarkar on September 1st 2023
The Art of Bug Bounty Triage and Impactful Reporting
In this blog, we'll explore the realms of bug bounty triage and report writing, providing you with valuable insights on ...
bugbounty
vulnerability
hacking
triager
triaging
reporting
bounty
impact
Published by Sivadath KS on August 21st 2023
Exploiting Graphql for fun and bounties
In this blog, we will dive into the fundamental concepts of GraphQL and explore its vulnerabilities to get bug bounties
graphql
Idor
vulnerability
csrf
graphql exploits
bug bounty
graphql hacking
Published by Devang Solanki on August 11th 2023
July Jigsaw - Walkthrough
As a part of our monthly CTF cycle we organised the July Jigsaw CTF, where more than 400 hackers participated to fight for the to...
binary exploitation
web app pentesting
wapt
Cryptography
Published by Bhavarth Karmarkar on August 8th 2023
Catching reverse shells over the internet
In this blog, we talk about exposing one local port to the internet and using it to catch reverse shells like we would do in any local environment.
Reverse shell
OPSec
Firewall
ngrok
Published by Siddharth Johri on August 2nd 2023
security
Top 10 exploits in PHP applications and how to exploit them
Explore the top 10 security exploits in PHP applications, including SQL Injection, XSS, RFI, and LFI, with in-depth anal...
PHP Security Vulnerabilities
SQL Injection in PHP
Cross-Site Scripting (XSS) PHP
PHP Remote File Inclusion (RFI)
PHP Local File Inclusion (LFI)
Published by Kathan Desai on December 15th 2023
Attack Surface Management 101: An Essential Guide
Attack surface management is a critical component of cybersecurity that organizations must prioritize. It involves ident...
Security
Management
Prevention
Published by BugBase on April 8th 2023
The Rise of Misconfiguration and Supply Chain Vulnerabilities
Learn about the rise of cyber attacks caused by misconfigurations and supply chain vulnerabilities, and how companies ca...
security
Published by BugBase on March 28th 2023
Responsible Disclosure Program: A Key Element of Cybersecurity
In the ever-evolving landscape of cybersecurity threats, it's critical to have a plan in place to safeguard sensitive da...
security
Published by BugBase on March 21st 2023
ALL YOU NEED TO KNOW ABOUT APOLLO COMMUNITY
Join the Apollo Community of BugBase and unlock a world of possibilities! This blog will answer all your doubts and quer...
security
Published by BugBase on February 4th 2023
WHAT IS CONTINUOUS TESTING AND HOW DOES IT WORK?
Continuous testing is an essential part of the software development process. It ensures that code changes are thoroughly...
security
Published by BugBase on January 20th 2023
How Capture The Flag Events Can Help You
Are you a business or organization looking to improve your cybersecurity defenses? Capture The Flag (CTF) events may be...
security
Published by BugBase on January 20th 2023
PRIVATE VS PUBLIC BUG BOUNTY PROGRAM
Navigating the world of bug bounties can be confusing. Learn the key differences between public and private programs, an...
security
Published by BugBase on January 20th 2023
THE MOST DANGEROUS ATTACK YOU NEED TO KNOW ABOUT!
Remote Code Execution (RCE) attacks are a serious threat to the security of any organization. These attacks allow hacke...
security
Published by BugBase on January 5th 2023
CAN BUG BOUNTY REPLACE PENTESTING ?
The traditional method of searching for vulnerabilities is penetration testing, wherein the tester is expected to find a...
security
Published by BugBase on December 24th 2022
DATA PROTECTION BILL 2022
Center's Ministry of Electronics and Information Technology (MeitY) recently tabled another version of the data protecti...
security
Published by BugBase on December 17th 2022
How To Handle A Bug Bounty Program Internally
The majority of firms are not equipped to offer public bug rewards because they lack the essential protocols, have too m...
security
Published by BugBase on December 14th 2022
MYTHS SURROUNDING CONTINUOUS TESTING
Continuous security testing is carried out to verify the security flaws that underlie your IT infrastructure and web app...
security
Published by BugBase on December 5th 2022
Defining scopes for bug bounty programs
The first step in creating your programme brief, which you should undertake if you’ve decided that you and your business...
security
Published by BugBase on November 21st 2022
An Integrated Guide to Vulnerability Management
Vulnerability management is the continuous, systematic process of finding, analyzing, reporting on, managing, and addres...
security
Published by BugBase on November 14th 2022
Defining Cyber Attack Liability
The risks of cyber liability are evolving rapidly, with new risks emerging as technology advances and new regulations ar...
security
Published by BugBase on November 1st 2022
How to Defend Against Threats to Critical Infrastructure
Cybersecurity breaches in critical infrastructure networks are increasing, appearing frequently in recent headlines...
security
Published by BugBase on October 20th 2022
What Have Recent Ransomware Attacks Taught Us?
Ransomware assaults have increased exponentially in recent years, and businesses everywhere need to be aware of the grow...
security
Published by BugBase on October 12th 2022
BugBase raises US$500,000 in pre-seed funding
100X.VC-backed Cybersecurity marketplace by two college dropouts, BugBase raises US$500,000 in funding led by 2am VC
security
Published by BugBase on July 21st 2022
BlackCat Ransomware becomes more lethal
The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.
security
Published by BugBase on July 16th 2022
Mirror Mirror On the Wall, Which is the safest browser of them all?
A safe browser may hold different definitions in different domains. In general, a safe browser is one that has additiona...
security
Published by BugBase on July 1st 2022
PHP Type Juggling
Type juggling, often known as “type coercion,” is a PHP feature. This indicates that PHP will transform variables of var...
security
Published by BugBase on June 17th 2022
Introduction to Burp Suite
Burp, often known as Burp Suite, is a package of web application penetration testing tools developed by PortSwigger.
security
Published by BugBase on June 12th 2022
Web Exploitation
Web applications frequently employ databases and rely on third-party web services to supply dynamic content.
security
Published by BugBase on June 3rd 2022
NGROK 101
Ngrok is a cross-platform program that uses the Internet to expose local server ports.
security
Published by BugBase on June 2nd 2022
What is Hashing?
The technique of transforming a given key into another value is known as hashing. A mathematical algorithm is employed t...
security
Published by BugBase on May 23rd 2022
BugBase is now ISO 27001:2013 Compliant
BugBase is excited to announce that our platform is now certified and compliant with ISO 27001 standards
security
Published by BugBase on May 19th 2022
A Deeper Dive into Cryptography and Steganography
Cryptography is the technique of securing information and its communication through the use of algorithms
security
Published by BugBase on May 19th 2022
Everything you need to know about DDoS Attacks
A distributed denial of service (DDoS) attack is a malicious attempt to disrupt the normal traffic of the target’s server
security
Published by BugBase on May 19th 2022
Everything you need to know about Bug Bounties
A bug bounty program is a deal offered by businesses and organizations in which cybersecurity experts can receive recogn...
security
Published by BugBase on May 19th 2022
Social Engineering — How Human Flaws are used in hacking?
Social Engineering is an act of manipulating a person to take any action that may or may not be in “target's” best interest.
security
Published by BugBase on May 19th 2022
What’s the OSI Model?
The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to describe the functions of a networking system.
security
Published by BugBase on May 19th 2022
Bug Bounty
How to get the most of your bug bounty program
Unlock the full potential of your bug bounty program with expert strategies. From defining clear objectives and offering...
Bug Bounty
Blue Teaming
Cybersecurity
Published by Kathan Desai on June 6th 2023
How To
How to host a Bug Bounty Program on BugBase
In today's digital age, cybersecurity has become a top priority for businesses of all sizes. One effective way to identi...
security
Published by BugBase on April 27th 2023