PortSwigger Research
1,032 posts
Web security research from the team at @PortSwigger
Joined September 2019
- Top 10 new web hacking techniques of 2019
- The results are in! We're proud to announce the Top ten web hacking techniques of 2024!
- Converting LFI into RCE by chaining PHP encoding filters - superb research by @_remsio_! synacktiv.com/publications/p…
- The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021!
- On Twitter, if you blink at the wrong moment you'll miss some great web security research. We recently launched a quality-over-quantity subreddit to help address this:
- Firefox is the only browser which allows self closing script. <svg><script href=data:,alert(1) />
- We found a fancy new way to conceal XSS payloads! Check it out in our cheat sheet: portswigger.net/web-security/c…
- The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022!
- You've heard of blind XSS - but what if there's CSP? Introducing blind CSS injection! portswigger.net/research/blind…
- We've just published 'Smashing the state machine: the true potential of web race conditions' by @albinowax! Dive in to arm yourself with novel techniques & tooling, and help reshape this attack class:
- Ok let's close the script. That can't possibly work right? <script> x = '<!--<script>' </script>/-alert(1) </script>



