🎙️ Join Federico’s Discord talk later today!

As part of #BurpExtensibilityMonth initiatives, our Research Lead and #BurpAmbassador @apps3c is joining #PortSwigger on Discord for “Restoring testability: Handling complex scenarios in Burp Suite with a custom extension”.

Most web and mobile backends and APIs can be assessed effectively with #BurpSuite out of the box. But testers sometimes hit scenarios where standard workflows become impractical, such as encryption, request signing, custom data formats, WAF controls, token handling, and other protections.

In this talk, Federico will explore how custom Burp Suite extensions can integrate those mechanisms directly into your testing workflow, so you can keep using tools like Repeater, Intruder, Scanner, and more as if the underlying complexity was not there.

Expect a real-world inspired scenario, practical design guidance, and plenty of extension-building inspiration.

👉 Register your interest here!
https://discord.com/events/1159124119074381945/1499761261750128670

How I passed the BSCP in 2 hours. Preparation methodology

Every profession has an initiation ritual that isn't talked about out loud. For surgeons, it's the first night shift with a critically ill patient. For pilots, a blind landing in the simulator. Bug hunters and pentesters have Carlos. Yes, that very Carlos, whose password or token you will be gnawing out of PortSwigger's exam application while a timer ticks somewhere in the background and Burp Collaborator keeps a deathly silence. My name is Sultan. First attempt, two hours, exam passed. I know what you're thinking: very few people manage to pass the BSCP on the first try, even experienced specialists. So why did I succeed? The answer is in the methodology. I won't talk about things that the vast majority already know. There is no point in revealing the vulnerabilities from the exam: there are about a hundred different combinations, and memorizing them all is impossible.

https://habr.com/ru/articles/1030460/

#portswigger #bscp #информационная_безопасность

How I passed the BSCP in 2 hours. Preparation methodology

⚠️ Disclaimer: I do not reveal the specific steps for solving PortSwigger's exam labs. Only personal experience, methodology and observations. Every profession has an initiation ritual that...

Habr

When did #PortSwigger shut down the User Forum? There is still a link to the forum on the website, but it now redirects to the generic support page.

Visible Error-Based SQL Injection

A Portswigger Lab

Medium

Blind SQL Injection with Conditional Errors

A Portswigger Lab

Medium

🗺️ Where to Practice Ethical Hacking — Safe Learning Platforms 🔐

Sharpen your skills legally on platforms like TryHackMe (beginners), Hack The Box (intermediate/advanced), PortSwigger Academy (web), and CTF sites — safe, structured labs and communities for hands-on learning. 🎯💻

#ethicalhacking #TryHackMe #HackTheBox #PortSwigger #CTF #Infosec #CyberSecurity #LearnToHack #PenTesting #WhiteHat

"The entire internet is broken": ethical hacking expert John Hammond meets James Kettle

In a brand-new collaboration between ethical hacking and AppSec expert John Hammond and world-renowned security researcher James Kettle, the pair explore how tens of millions of websites are compromis

PortSwigger Blog

One Third of the Web Will Stop Working in 4 Days: Massive-Scale CDN Compromise Starts Wednesday

About 34% of the web is still powered by HTTP/1.1 and that protocol will likely come under severe attack starting on Wednesday. Get a preview of what's in store for the latest security headache.

LowEndBox

🚨 Want to start learning ethical web hacking for FREE?

🎯 In this video, I break down 3 websites that offer hands-on labs, structured paths, and gamified learning - perfect for beginners in web application penetration testing and bug bounty!

🎓 Here’s who made the list:

✅ PortSwigger Web Security Academy
Learn real-world web vulnerabilities with interactive labs

✅ TryHackMe
Gamified challenges + guided learning paths

✅ Hack The Box
Academy modules, practice labs & certifications — all linked together

But I didn’t stop at listing them.

💡 I shared my professional take on:
1️⃣ Their unique strengths
2️⃣ What makes each platform great for beginners
3️⃣ And where they could improve to become even better

This isn't just another list — they are insights from an active bug bounty hunter from Singapore 🇸🇬😊

📺 Watch here: https://www.youtube.com/watch?v=_LrpMiAD8rg
📌 Timestamps and useful links in the video description

👇 Comment your favorite FREE hacking resources — let's share and help each other grow!

#BugBounty #BugBountyTips #CyberSecurity #EthicalHacking #TryHackMe #HackTheBox #PortSwigger

3 FREE Websites To Learn Ethical Web Hacking (Beginner Friendly)

YouTube

Blind SQL Injection with Conditional Responses - Marduk I Am - Medium

This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie. The results of the…

Medium