Security Research

Help Gaining XXE in Spring Boot Mobile Application API [Security Research] (4)
Application Security Engineer [Security Research] (1)
Instrumenting Android Applications with Frida [Tools Discussion] (1)
Is it common for bug bounty hunters to use exploits found in one site, on other sites? [Security Research] (4)
Keeping track of how companies respond to bug reports [Security Research] (14)
? - Help/Input - BwAPP – Medium Security SQLi Practice -? [Security Research] (1)
Symantec Data loss prevention (DLP) Policy Bypass [Security Research] (1)
XXE clarification [Security Research] (4)
DOM-based XSS question [Proof of Concepts] (7)
Hunting XXE For Fun And Profit [Security Research] (9)
Any idea on how someone would exploit this? (CSRF Bypass) [Security Research] (3)
Can I still report Rosetta Flash? [Security Research] (4)
Hash sign wrecking my XSS payload. How to exploit? [Security Research] (2)
A DB handling horror story by @FogMarks & some security guidelines [Security Research] (1)
What Does This JS Code Do and How to Exploit? [Security Research] (5)
How would you approach a site like this? [Security Research] (3)
CSRF POC Generator [Tools Discussion] (4)
Favorite Tools for Packet Editing and Replaying [Tools Discussion] (2)
Open redirect via header injection. Is this a vulnerability? [Security Research] (2)
Looking for multibyte UTF-8 characters leading to XSS in javascript context [Security Research] (3)
Put the tools you use here please! [Tools Discussion] (2)
Common Assessment Tool Cheatsheets [Tools Discussion] (13)

Hey All! I have an unhealthy obsession for time savers when I'm doing pentest work. Since a lot of my time is spent on the command line I love cheatsheets. I thought I'd use this thread to post some of the more awesome…

PHP code execution from client side [Security Research] (1)
Using SoapClient on the Client side [Security Research] (1)
Anything out there to help find outdated plugins used by a website? [Security Research] (1)
How to create a Test Server [Proof of Concepts] (1)
Performance Tuning Burp Suite [Tools Discussion] (1)
Subdomain Discovery [Tools Discussion] (7)
Pentesting references for GWT RPC tool kit [Tools Discussion] (4)
SQLMap Tamper Scripts (SQL Injection and WAF bypass) [Tools Discussion] (5)