Category Security

Security, Web Attacks

Content Security Policy – Script-Src

This blog post is going to summarize the available options (values) for the ‘script-src’ directive within the Content Security Policy (CSP) header. The CSP should be configured from a security standpoint such that it bolsters the security posture of your…

scomurr
11/25/2024

Technical SEO, On-Page SEO, Security, SEO, Web Attacks

Chrome Dev Tools – AI Assist

google chrome ai assist blog cover image

Chrome Dev Tools – AI Assist Ever found yourself looking at the console in Chrome Dev tools and wondering “what in the world does that mean?” If so, then this post is for you! Now, without having to pop back…

scomurr
05/16/2024

Security, Web Attacks

HTTP Request Smuggling – HTTP/2 Request Tunnelling

Time for another one of the advanced labs on the PortSwigger Web Security Academy. For this lab, we are dealing with an HTTP/2 downgrade attack that allows the attacker to smuggle a request to the backend. Due to how the…

scomurr
03/19/2023

Security, Web Attacks

HTTP Request Smuggling – Web Cache Poisoning for Deception

This lab is a bit similar to the last, however, it has a completely different purpose. In the previous, we poisoned the cache in an attempt to trigger an XSS. In this lab, we are looking at poisoning a cache…

scomurr
03/12/2023

Security, Web Attacks

HTTP Request Smuggling – Web Cache Poisoning

This lab is a lot of fun and requires chaining together techniques to fully exploit. First, we have to identify if, where, and how the application is vulnerable to a smuggling attack. Once that has been established, we need to…

scomurr
03/05/2023