Awesome web security

A curated list of awesome web security articles, resources and other awesomeness.

Client-side Attacks

• Samesite by Default and What It Means for Bug Bounty Hunters
• Information Leaks via Safari’s Intelligent Tracking Prevention
• XSS in GMail’s AMP4Email via DOM Clobbering
• From Markdown to RCE in Atom
• Dangling markup injection

Server-side Attacks

• HTTP Request Smuggler
• (January 21, 2020) - Google Bug Bounty: CSRF in learndigital.withgoogle.com

Authentication

• Bypassing GitHub's OAuth flow
• Pentest OAuth2

Command Execution

• Blind SQL Injection without an "in"
• GitHub Enterprise SQL Injection
• Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2