The Exploit articles categorized as Web Apps

AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest
By Andrew Trexler
On a recent web app pentest, Andrew Trexler used AI to find client-side code that stopped his brute-force attack, then used AI again to thwart that code.
March 4, 2026

Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice
By Ryan Chaplin
Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue.
February 10, 2026

The Growing Threat: Attackers Using GitHub Repositories as Malware Staging Mechanisms
By Brian Tant
Recent attacks, including GitVenom and Lumma Stealer, underscore the threat of attackers using GitHub repositories as malware staging mechanisms.
January 21, 2026

Cross-Site Scripting (XSS): Cookie Theft – Advanced Payloads
By Raxis Research Team
We reached into our vaults to bring you the final video in our cross-site scripting (XSS) series. Learn about cookie theft, website defacement, and CSRF attacks.
December 18, 2025

OWASP Top 10 for 2025: What’s New in Web Application Security
By Raxis Research Team
The OWASP Top 10 2025 for web applications release candidate was released last week. Take a look at which categories have moved as well as one new category.
November 20, 2025

HTTP/1.1 Security News: What You Can Do Now
By Jason Taylor
A recent PortSwigger white paper on HTTP/1.1 highlights critical security issues. If you use old products that still require it, here’s what you can do.
September 16, 2025