APIs are the backbone of most modern apps: mobile, SPAs, microservices, integrations.
This learning path helps you build real API testing instincts, from recon and documentation analysis to finding hidden parameters, mass assignment, and server-side parameter pollution, with hands-on labs throughout.
https://t.co/nCbiCh5t0G
🚨 SSRF in Next.js Apps – Interesting Research
If you're testing modern web apps, this is a great read from Assetnote on how SSRF can appear in Next.js applications.
Key attack surfaces they discuss:
🔹 /_next/image endpoint
🔹 Redirect-based bypass tricks
🔹 Server Actions behavior
🔹 Host header manipulation
Modern frameworks = new bug hunting opportunities. 🕵️♂️
🔗 https://t.co/hzk90Axdvk
#BugBounty #AppSec #WebSecurity #NextJS #SSRF
An attacker gains access to a read-only S3 bucket containing your Terraform State file.
The state file is encrypted at rest.
However, the attacker opens the JSON file and finds:
`"password": "super-secret-db-password"`
in plain text.
Why does Terraform store sensitive output values in plain text in the state file even if they are marked as `sensitive = true` in the code?
Folks to stay away from:
1. Those who self inflict their depression
2. People who find a reason to always be unhappy
3. People who are always unfortunate
4. Those who always blame others for their own misfortune
5. People who don’t have anyone that calls them to order.
💯👍
Got bored watching the fuzzers not find anything in Skia yet. So decided to start playing with AI and XSS payloads.. Here is one we came up with that i personally have never seen before, sharing incase others haven't either:
<img src=x onerror="queueMicrotask(new Proxy(top.alert, { apply: (t, thisArg, args) => t(document.domain) }))">
#bugbountytips #xsstips #xss #bugbounty
Dear @bosuntijani
Please do find attached. I am attaching a full technical document as an image to this write up.
When you make a call: Your phone connects to nearest (strongest) cell tower (base station). That tower connects to Mobile Switching Center (MSC), which is the brain of the cellular network. MSC routes your call through the operator’s network infrastructure, which may involve multiple transmission hops. Call reaches recipient’s MSC, then their local tower, then their phone. This multihop routing is standard cellular architecture, not some exotic bandit technology. If bandits were truly bouncing calls off multiple towers to avoid detection, it would contradict the basics: Involving more towers typically provides more data for triangulation, not less. This isn’t a recognized anti tracking technique in telecommunications.
Before I start sir, I’d love you to be aware that Calls aren’t “bounced” between towers to route them; that’s handled by switches and routers in the core network. If a call involves handover e.g. while moving, it seamlessly shifts from one tower to another, but this doesn’t hide the location as it often makes it easier to track via historical data.
Now let me put you through the principles. At any given moment, a mobile device is connected to exactly ONE serving cell. Not multiple cells. Not bouncing between cells. ONE. This is fundamental to radio resource management in every cellular standard from GSM through 5G NR.
In 2G (GSM/GPRS):
The Mobile Station connects to one BTS (Base Transceiver Station) managed by one BSC (Base Station Controller). The MSC (Mobile Switching Center) knows the exact LAC (Location Area Code) and Cell ID. Every call setup message includes this anchor.
In 3G (UMTS/HSPA):
The UE (User Equipment) connects to one Node B managed by one RNC (Radio Network Controller). The MSC or SGSN maintains the URA (UTRAN Registration Area) and Cell ID mapping. Radio resource control state is explicitly tracked.
In 4G (LTE):
The UE connects to exactly one eNodeB (evolved Node B). The MME (Mobility Management Entity) maintains the UE context with precise TAI (Tracking Area Identity) and eNodeB identifier. The serving gateway anchors the user plane. There is no ambiguity.
In 5G (NR):
The UE connects to one gNodeB (next generation Node B). The AMF (Access and Mobility Management Function) maintains registration state with explicit cell identity. The UPF (User Plane Function) anchors the session.
There is no cellular standard, no protocol, no physical layer specification that allows a device to simultaneously maintain active connections to multiple cells for the purpose of “bouncing” a call. This is not a loophole criminals exploit. This is the foundation of how radio spectrum is allocated, managed, and regulated.
HANDOVER IS ALWAYS EXPLICIT, MEASURED, AND COMPLETELY LOGGED
When a mobile device moves from one cell’s coverage to another, handover (or handoff) occurs. This is not invisible. This is not evasive. This is a deterministic protocol transaction that generates comprehensive logs.
The Handover Process (LTE Example):
1.Measurement Phase: UE continuously measures signal strength (RSRP/RSRQ) from serving cell and neighbor cells. These measurements are reported to the eNodeB.
2.Handover Decision: eNodeB evaluates measurements against handover thresholds. When target cell signal exceeds serving cell by configured margin for configured time (typically 3dB for 320ms), handover decision is made.
3.Handover Preparation: Source eNodeB sends HANDOVER REQUEST to target eNodeB via X2 interface, including UE context, security keys, and bearer information.
4.Handover Execution: Target eNodeB allocates resources, responds with HANDOVER REQUEST ACK. Source eNodeB commands UE to handover via RRC Connection Reconfiguration message.
1 of 2
Early this year, I came across an Application Security role at an international company on LinkedIn. When I opened the job description, I saw that over 400 people had already applied, but I decided to take a chance anyway.
I made it through the first and second interview rounds. When I got to the third round (the second technical round), I was given several technical tasks to complete within a week.
Two out of the four tasks were secure code review challenges. I was only required to identify vulnerabilities, list them, and provide recommendations. But I knew I wasn’t the only strong candidate, and let’s be honest, being Nigerian, the odds weren’t exactly in my favour. So I knew I had to do something extraordinary.
Instead of doing it the traditional way, I built actual APIs using the vulnerable code they provided. Then I manually exploited each vulnerability exactly the way a real attacker would.
After that, I documented everything and wrote a near-perfect pentest report, screenshots, reproduction steps, impact, and recommendations included.
Then I took it a step further:
I rewrote the vulnerable code securely based on my own recommendations, rebuilt the APIs, and attempted to exploit them again using the same attack paths. Every attack failed, and I documented all of this in the same report to show clear before-and-after proof of remediation.
The crazy part is that, I completed everything in under 24 hours, even though I was given 7 days. I submitted the report with an email that ended with:
“…I hope this early submission won’t incur any penalties.” 😂
I made it to the 4th round (the 3rd technical round), and you could literally see the excitement on the interviewer’s face trying to figure out “who the hell is this guy?” 🤣🤣
Long story short, I made it to the final round, and I eventually got the offer letter.
I’ll attach a redacted version of my report and the GitHub repo link in the comments (PDF format), along with the code I wrote.
I hope this inspires someone out there to always go the extra mile. Be extraordinary in whatever you do.