Latest topics
Hackers
Bypassing CSRF Protection Like a Pro
In this blog, we will explore the Cross-site Request Forgery vulnerability - understanding what CSRF is, discussing popular prevention methodologies & common mistakes in implementing t...
CSRF
Vulnerability
Cross-site Request Forgery
Published on December 5th 2023
Learning SSRF for Fun and Bounties
In this blog, we will dive into the fundamentals of SSRF and explore how to exploit it to get bug bounties
ssrf
aws
gcp
bug bounty
vulnerability
ssrf exploits
Published on November 23rd 2023
Dissecting Supply Chain Attacks
This blog talks about what supply chain attacks are and how they affect all downstream users.
Supply chain attack
side channel attacks
enterprise security
Published on November 15th 2023
Recon Series: Automation (Part-3)
This is the last part of the Recon Series which focuses on automating the recon process
Reconnaissance
recon
automation
bugbounty
aws
cloud
Published on November 8th 2023
Recon Series: URL Enumeration (Part 2)
This is part 2 of a 3 part series explaining reconnaissance (recon) for bug bounty hunting. In part 2, we explained different recon methodologies.
recon
reconnaissance
bugbounty
infosec
Published on October 31st 2023
Recon Series: Domain Enumeration (Part 1)
This is part 1 of a 3 part series explaining reconnaissance (recon) for bug bounty hunting. In part 1, I explained diffe...
recon
reconnaissance
bugbounty
infosec
Published on October 18th 2023
Exploiting post message vulnerabilities for Fun and Profit
In this blog, we talk about how to prevent, exploit and find post message vulnerabilities for cross origin communication
postMessage
Same Origin Policy
Cross Origin Communication
XSS
DOM-Based XSS
Account Takeover
Information Disclosure
Bypass
Published on October 13th 2023
Understanding Zero Trust : Challenges and Implications
This blog talks about the zero trust access model, its specifics and usual challenges faced by organisations in implementing it successfully
compliance
security model
networks
Published on October 6th 2023
All About JWT Vulnerabilities
In this blog, we'll discuss JSON Web Tokens, the structure of JWT, and various vulnerabilities associated with JWTs
JWT
Vulnerability
Cyber Security
Account Takeover
Published on September 27th 2023
CSP Bypass: Common Techniques and Mitigations
Techniques to bypass CSP, vulnerable attack scenarios and how to protect against them
content security policy
bypass
xss
cors
data exfiltration
misconfiguration
policy injection
dangling markup injection
mitigations
Published on September 1st 2023
The Art of Bug Bounty Triage and Impactful Reporting
In this blog, we'll explore the realms of bug bounty triage and report writing, providing you with valuable insights on ...
bugbounty
vulnerability
hacking
triager
triaging
reporting
bounty
impact
Published on August 21st 2023
Exploiting Graphql for fun and bounties
In this blog, we will dive into the fundamental concepts of GraphQL and explore its vulnerabilities to get bug bounties
graphql
Idor
vulnerability
csrf
graphql exploits
bug bounty
graphql hacking
Published on August 11th 2023
July Jigsaw - Walkthrough
As a part of our monthly CTF cycle we organised the July Jigsaw CTF, where over 400 hackers participated to fight for the to...
binary exploitation
web app pentesting
wapt
Cryptography
Published on August 8th 2023
Catching reverse shells over the internet
In this blog, we talk about exposing one local port to the internet and using it to catch reverse shells like we would do in any local environment.
Reverse shell
OPSec
Firewall
ngrok
Published on August 2nd 2023
Hacker
All About IDORs - Understand, Exploit, Prevent
In this article, we will shed light on IDOR vulnerabilities, comprehensively examining the vulnerability itself, its roo...
IDOR
Vulnerability
Hacks
Exploits
Published on July 18th 2023
June Jeopardy - Walkthrough
As a part of our monthly CTF cycle we organized the June Jeopardy CTF, where over 350 hackers participated to fight for the ...
CTF
Hack
Vulnerability
Published on July 4th 2023
May Mayhem - Walkthrough
In this blog post, we are going to solve two hard challenges of May Mayhem.
vulnerability
CTF
Hacker
Published on June 29th 2023
SAML 101: What, How, and Why SAML Exploits?
Discover the fundamentals of Single Sign-On (SSO) and gain a comprehensive understanding of the widely-used Security Assertion Markup Language (SAML).
Vulnerability
Hacker
SAML Exploit
Published on June 19th 2023
Demystifying XML External Entity (XXE) Injection: A Comprehensive Guide
In this article, we will explain the basics of XML, what XML External Entity (XXE) injection is, why it arises,...
Vulnerability
XXE Injection
Hacker
Published on June 13th 2023
Bug Bounty
How to get the most of your bug bounty program
Unlock the full potential of your bug bounty program with expert strategies. From defining clear objectives and offering...
Bug Bounty
Blue Teaming
Cybersecurity
Published on June 6th 2023
How To
How to host a Bug Bounty Program on BugBase
In today's digital age, cybersecurity has become a top priority for businesses of all sizes. One effective way to identi...
security
Published on April 27th 2023
security
Attack Surface Management 101: An Essential Guide
Attack surface management is a critical component of cybersecurity that organizations must prioritize. It involves ident...
Security
Management
Prevention
Published on April 8th 2023
The Rise of Misconfiguration and Supply Chain Vulnerabilities
Learn about the rise of cyber attacks caused by misconfigurations and supply chain vulnerabilities, and how companies ca...
security
Published on March 28th 2023
Responsible Disclosure Program: A Key Element of Cybersecurity
In the ever-evolving landscape of cybersecurity threats, it's critical to have a plan in place to safeguard sensitive da...
security
Published on March 21st 2023
ALL YOU NEED TO KNOW ABOUT APOLLO COMMUNITY
Join the Apollo Community of BugBase and unlock a world of possibilities! This blog will answer all your doubts and quer...
security
Published on February 4th 2023
WHAT IS CONTINUOUS TESTING AND HOW DOES IT WORK?
Continuous testing is an essential part of the software development process. It ensures that code changes are thoroughly...
security
Published on January 20th 2023
How Capture The Flag Events Can Help You
Are you a business or organization looking to improve your cybersecurity defenses? Capture The Flag (CTF) events may be...
security
Published on January 20th 2023
PRIVATE VS PUBLIC BUG BOUNTY PROGRAM
Navigating the world of bug bounties can be confusing. Learn the key differences between public and private programs, an...
security
Published on January 20th 2023
THE MOST DANGEROUS ATTACK YOU NEED TO KNOW ABOUT!
Remote Code Execution (RCE) attacks are a serious threat to the security of any organization. These attacks allow hacke...
security
Published on January 5th 2023
CAN BUG BOUNTY REPLACE PENTESTING?
The traditional method of searching for vulnerabilities is penetration testing, wherein the tester is expected to find a...
security
Published on December 24th 2022
DATA PROTECTION BILL 2022
Center's Ministry of Electronics and Information Technology (MeitY) recently tabled another version of the data protecti...
security
Published on December 17th 2022
How To Handle A Bug Bounty Program Internally
The majority of firms are not equipped to offer public bug rewards because they lack the essential protocols, have too m...
security
Published on December 14th 2022
MYTHS SURROUNDING CONTINUOUS TESTING
Continuous security testing is carried out to verify the security flaws that underlie your IT infrastructure and web app...
security
Published on December 5th 2022
Defining scopes for bug bounty programs
The first step in creating your programme brief, which you should undertake if you’ve decided that you and your business...
security
Published on November 21st 2022
An Integrated Guide to Vulnerability Management
Vulnerability management is the continuous, systematic process of finding, analyzing, reporting on, managing, and addres...
security
Published on November 14th 2022
Defining Cyber Attack Liability
The risks of cyber liability are evolving rapidly, with new risks emerging as technology advances and new regulations ar...
security
Published on November 1st 2022
How to Defend Against Threats to Critical Infrastructure
Cybersecurity breaches in critical infrastructure networks are increasing - appearing frequently in recent headlines...
security
Published on October 20th 2022
What Have Recent Ransomware Attacks Taught Us?
Ransomware assaults have increased exponentially in recent years, and businesses everywhere need to be aware of the grow...
security
Published on October 12th 2022
BugBase raises US$500,000 in pre-seed funding
100X.VC-backed Cybersecurity marketplace by two college dropouts, BugBase raises US$500,000 in funding led by 2am VC
security
Published on July 21st 2022
BlackCat Ransomware becomes more lethal
The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.
security
Published on July 16th 2022
Mirror Mirror On the Wall, Which is the safest browser of them all?
A safe browser may hold different definitions in different domains. In general, a safe browser is one that has additiona...
security
Published on July 1st 2022
PHP Type Juggling
Type juggling, often known as “type coercion,” is a PHP feature. This indicates that PHP will transform variables of var...
security
Published on June 17th 2022
Introduction to Burp Suite
Burp, often known as Burp Suite, is a package of web application penetration testing tools developed by Portswigger.
security
Published on June 12th 2022
Web Exploitation
Web applications frequently employ databases and rely on third-party web services to supply dynamic content.
security
Published on June 3rd 2022
NGROK 101
Ngrok is a cross-platform program that uses the Internet to expose local server ports.
security
Published on June 2nd 2022
What is Hashing?
The technique of transforming a given key into another value is known as hashing. A mathematical algorithm is employed t...
security
Published on May 23rd 2022
BugBase is now ISO 27001:2013 Compliant
BugBase is excited to announce that our platform is now certified and compliant with ISO 27001 standards
security
Published on May 19th 2022
A Deeper Dive into Cryptography and Steganography
Cryptography is the technique of securing information and its communication through the use of algorithms
security
Published on May 19th 2022
Everything you need to know about DDoS Attacks
A distributed denial of service (DDoS) attack is a malicious attempt to disrupt the normal traffic of the target’s server
security
Published on May 19th 2022
Everything you need to know about Bug Bounties
A bug bounty program is a deal offered by businesses and organizations in which cybersecurity experts can receive recogn...
security
Published on May 19th 2022
Social Engineering — How Human Flaws are used in hacking?
Social Engineering is an act of manipulating a person to take any action that may or may not be in “target's” best interest.
security
Published on May 19th 2022
What’s the OSI Model?
The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to describe the functions of a networking system.
security
Published on May 19th 2022