Sebastian Lekies

@slekies

Tech Lead - Web Application Security Scanning

Zurich, Switzerland
Iscritto a ottobre 2011
3 foto e video Foto e video

Tweet

@slekies è bloccato

Sei sicuro di voler vedere questi Tweet? Visualizzare i Tweet non sbloccherà @slekies.

  1. Tweet fissato
    5 gen

    The full list of CSP bypasses with all known vectors that came up during the recent discussions:

    4 risposte 131 Retweet 152 Mi piace
  2. 19 gen

    Advice to untangle cyber PR: If someone says "we got attacked X times" without exactly saying what "attack" means it's cyber-bullshit.

    2 risposte 7 Retweet 14 Mi piace
  3. 18 gen

    We keep hearing rumors that there'll be an ★Allstars 2017★ during OWASP AppSec EU in Belfast. Maybe there is something to it… cc

    7 Retweet 11 Mi piace
  4. 17 gen

    There are still free seats for my workshop about Inkscape in Zurich Please RT

    29 Retweet 15 Mi piace
  5. 12 gen

    And another CSP bypass by :

    1 risposta 8 Retweet 14 Mi piace
  6. 12 gen

    How to write a research paper: a guide for software engineers & practitioners. /cc

    6 risposte 112 Retweet 247 Mi piace
  7. 10 gen

    Remove DOM nodes without JavaScript: <svg><animate id=a dur=1 /><circle r=100> <discard begin=a.end xlink:href= /><style id=x>*{fill:red}

    2 risposte 60 Retweet 146 Mi piace
  8. 7 gen

    Another dangling markup vector:

    3 risposte 4 Retweet 13 Mi piace
  9. 7 gen

    5 more CSP bypasses added to the list:

    5 Retweet 18 Mi piace
  10. 6 gen

    any additional ideas?

  11. 6 gen

    Framework-specific bypasses are also welcome!

    4 risposte 1 Mi piace
  12. 6 gen

    Added a few more CSP bypasses to the list. Happy to receive suggestions, ideas and PoCs. Just ping me.

    1 risposta 7 Retweet 12 Mi piace
  13. 5 gen

    CC

    1 risposta 1 Mi piace
  14. 5 gen

    CSP-protected HTML injections can probably be used to break same-site cookies to conduct CSRF. (cc , , )

    2 risposte 2 Retweet 5 Mi piace
  15. 28 dic 2016

    Are you ready for life outside the sandbox

    12 Retweet 16 Mi piace
  16. 2 gen

    Slightly surprised by how many ways there are to mutate HTML without JS! (by )

    5 Retweet 31 Mi piace
  17. 1 gen

    hah, my CSP nonce bypass:

    3 risposte 18 Retweet 57 Mi piace
  18. 31 dic 2016

    Another type of CSP nonce bypass. FF+Chrome. Works with traditional reflected XSS. Happy new year!

    6 risposte 77 Retweet 107 Mi piace
  19. Sebastian Lekies ha iniziato seguire , , and 4 others
    • Juan David Parra
      @nopbyte

    • Intent To Ship
      @intenttoship

      I tweet when browser makers announce their intent to ship, change or remove features in their web engines! I was made by .

  20. 29 dic 2016

    and chrome too, soon!

    1 risposta 2 Retweet 3 Mi piace

@slekies non ha ancora twittato.

Il caricamento sembra essere lento.

Twitter potrebbe essere sovraccarico o avere un problema temporaneo. Riprova o visita Twitter Status per ulteriori informazioni.

    Potrebbero piacerti

    ·