Google YOLO clickjacking (2018) (blog.innerht.ml)
142 points by _Microft | 6 years ago | 13 comments

dandare | 6 years ago
> Update. Shortly after the article was published, Google silently prevented my domain from using the API

That will certainly make the problem go away, Google ;)

    finnthehuman | 6 years ago
    Security reports at Google are the same as any user interaction: they blow you off until you prove your point on Hacker News.

dang | 6 years ago
Discussed at the time: https://news.ycombinator.com/item?id=17044518

ethanburrell | 6 years ago
Hey HN! I really enjoy this type of app security. Anyone know any blogs devoted to this? Or any other places to learn more tricks like this?

    Thorrez | 6 years ago
    You might check out writeups for CTF challenges in the web category.

    Also check out the YouTube channel LiveOverflow. A lot of the stuff is binary exploitation, but some is web.
    https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w

    EdOverflow | 6 years ago
    Aside from Filedescriptor's work, here are some of my favourite blogs in the web application security space (not an exhaustive list):

    - https://blog.orange.tw/
    - https://ngailong.wordpress.com/
    - https://whitton.io/
    - https://sakurity.com/blog
    - https://homakov.blogspot.com/
    - https://buer.haus/
    - https://philippeharewood.com/
    - https://portswigger.net/research
    - https://gerbenjavado.com/
    - https://medium.com/@intideceukelaire
    - https://samcurry.net/
    - https://stephensclafani.com/
    - https://www.josipfranjkovic.com/
    - https://www.arneswinnen.net/
    - https://blog.assetnote.io/
    - https://medium.com/@alex.birsan
    - https://cablej.io/
    - https://jonbottarini.com/
    - https://www.corben.io/

    There is also this massive list of write-ups that might be of interest to you: https://github.com/ngalongc/bug-bounty-reference

    Shameless plug: I write about web application security at https://edoverflow.com/.

    james-imitative | 6 years ago
    Unenumerated

Thorrez | 6 years ago
Obviously related to the Facebook comment jacking post from yesterday: https://news.ycombinator.com/item?id=22176180

etxm | 6 years ago
I feel like the cookie button is shady AF.

    p1necone | 6 years ago
    This is definitely a grey hat blog post.