I got my weekly TL;DR Sec newsletter on Thursday morning. I regularly browse the headlines for fun things to check out whenever I might have some actual downtime. I noticed a post about XSS in Swagger UI at: "Hacking Swagger-UI - from XSS to account takeovers". I did the usual perusal, noted down the concerns, and...
I was recently working on a security review, and I came across an anti-pattern I’ve seen time and time again. Sure, it might be obvious, but this was a relatively tenured developer who suggested this particular solution. It’s seemingly pervasive enough that it warrants digging into. So, with that in mind, let’s chat...