Articles Categorized as Web Apps
-
CVE-2026-36748: XSS in Rock RMS Leads to Privilege EscalationRaxis Lead Pentester Jason Taylor recently discovered CVE-2026-36748, a high-risk XSS vulnerability in Rock RMS that allows privilege escalation to admin. -
AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App PentestOn a recent web app pentest, Andrew Trexler used AI to find client-side code that stopped his brute-force attack then used AI again to thwart that code. -
Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation AdviceRyan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue. -
The Growing Threat: Attackers Using GitHub Repositories as Malware Staging MechanismsRecent attacks, including GitVenom and Lumma Stealer, underscore the threat of Attackers using GitHub repositories as malware staging mechanisms. -
Cross-Site Scripting (XSS): Cookie Theft – Advanced PayloadsWe reached into our vaults to bring you the final video in our cross-site scripting (XSS) series. Learn about cookie theft, website defacement, and CSRF attacks. -
OWASP Top 10 for 2025: What’s New in Web Application SecurityThe OWASP Top 10 2025 for web applications release candidate was released last week. Take a look at which categories have moved as well as one new category.
