PortSwigger Research
1,032 posts
@PortSwiggerRes
Web security research from the team at @PortSwigger
portswigger.net/research
Joined September 2019
7 Following · 120.9K Followers
  • PortSwigger Research
    @PortSwiggerRes
    Nov 15, 2022
    Stealing passwords from infosec Mastodon - without bypassing CSP portswigger.net/research/steal…
  • PortSwigger Research
    @PortSwiggerRes
    Feb 17, 2020
    Top 10 new web hacking techniques of 2019
    Top 10 web hacking techniques of 2019
    From portswigger.net
  • PortSwigger Research
    @PortSwiggerRes
    Aug 5, 2021
    HTTP/2: The Sequel is Always Worse by @albinowax
    HTTP/2: The Sequel is Always Worse
    From portswigger.net
  • PortSwigger Research
    @PortSwiggerRes
    Feb 4, 2025
    The results are in! We're proud to announce the Top ten web hacking techniques of 2024!
    Top 10 web hacking techniques of 2024
    From portswigger.net
  • PortSwigger Research
    @PortSwiggerRes
    Mar 24, 2021
    New attacks on OAuth: SSRF by design and Session Poisoning by @artsploit
    Hidden OAuth attack vectors
    From portswigger.net
  • PortSwigger Research
    @PortSwiggerRes
    Oct 19, 2022
    Converting LFI into RCE by chaining PHP encoding filters - superb research by @_remsio_! synacktiv.com/publications/p…
  • PortSwigger Research
    @PortSwiggerRes
    Feb 9, 2022
    The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021!
    Top 10 web hacking techniques of 2021
    From portswigger.net
  • PortSwigger Research
    @PortSwiggerRes
    Oct 21, 2019
    On Twitter, if you blink at the wrong moment you'll miss some great web security research. We recently launched a quality-over-quantity subreddit to help address this:
    reddit.com
    r/websecurityresearch
    A community for sharing and discussing novel web security research.
  • PortSwigger Research
    @PortSwiggerRes
    May 6, 2020
    Firefox is the only browser which allows self closing script. <svg><script href=data:,alert(1) />
  • PortSwigger Research
    @PortSwiggerRes
    Feb 24, 2023
    We found a fancy new way to conceal XSS payloads! Check it out in our cheat sheet: portswigger.net/web-security/c…
    Code sample showing how to use assignment to the protocol property
  • PortSwigger Research
    @PortSwiggerRes
    Feb 8, 2023
    The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022!
    Top 10 web hacking techniques of 2022
    From portswigger.net
  • PortSwigger Research
    @PortSwiggerRes
    Dec 5, 2023
    You've heard of blind XSS - but what if there's CSP? Introducing blind CSS injection! portswigger.net/research/blind…
  • PortSwigger Research
    @PortSwiggerRes
    Aug 9, 2023
    We've just published 'Smashing the state machine: the true potential of web race conditions' by @albinowax! Dive in to arm yourself with novel techniques & tooling, and help reshape this attack class:
    Smashing the state machine: the true potential of web race conditions
    From portswigger.net
  • PortSwigger Research
    @PortSwiggerRes
    Jan 23, 2020
    Ok let's close the script. That can't possibly work right? <script> x = '<!--<script>' </script>/-alert(1) </script>
