Tag: security
-
Exploiting Angular Expressions to Steal Session Tokens on Plunker
Lately, I’ve been doing some research on the vulnerabilities happening with some AngularJS implementations. The biggest problem being: mixing server-side templates with client-side templates. This opens up the opportunity for user input to get into a server-side view, that is then sent client side, and then…
-
Walkthrough for Angular Expression Injection Challenge
A little over a week ago I released an Angular expression injection challenge. The challenge consisted of a simple Todo List web app that was intentionally vulnerable and allowed persisting of Angular expressions. If you have not tried it yet and don't want to spoil it for yourself, stop reading…
-
Angular Expression Injection Vulnerability Challenge
Over the past few years, I've written a lot of Angular. It's been quite the learning experience. It started out messy as hell, got better, got smelly, then got better again, but still isn't perfect. I started out just trying to wrap my head around it and make shit work,…
-
Offensive Security Certified Professional
The Penetration Testing with Kali Linux course and the Offensive Security Certified Professional (OSCP) certification were created to not only teach, but also prove someone has the core skills required to do a penetration test. Both the course and the certification exam are hands-on. No multiple choice questions or quizzes…