A personal story about discovering a critical XSS vulnerability in production, writing a detailed report, and the reality that many security researchers face: finding problems that get fixed but receiving no acknowledgment. This is the reality for many developers and security testers who find vulnerabilities internally.
OAuth 2.0 and Bearer JWT are not competitors—they are complementary technologies. OAuth 2.0 defines the authorization framework, while JWT provides a secure token format. Learn the difference and how to test both for security vulnerabilities.
Broken Authentication is one of the most common and critical security vulnerabilities in web applications and APIs. Learn why it's dangerous, what causes it, and how to test for it quickly using automated tools and manual techniques.
Despite being well-documented in OWASP API Top 10, BOLA still regularly appears in production systems. This article explains how BOLA manifests in practice, what makes it dangerous, and why it is often missed during development and testing.
BOLA happens when an API checks "Are you logged in?" but forgets to check "Are you allowed to access this specific thing?" Learn what Broken Object Level Authorization is, why it's dangerous, and how to fix it — explained in simple terms without the technical jargon.
ISO 27001 is a standard for managing information security. It does not teach how to write code, does not explain OAuth, and does not care whether you use REST or GraphQL. Its purpose is simple: prove that a company systematically manages security risks, not that it "tries to be secure".
We live in the era of artificial intelligence. Every day, new tools appear that can write code, generate texts, create graphics, and even perform simple tests. But there is one area where the human role cannot be fully replaced, and that is cybersecurity.