Tasos Laskos 1 min read
Script your DOM XSS exploitation workflow

Hello all, I wanted to share some Codename SCNR scripting kung-fu with you. This is something you can use post-scan,...

Read more
Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications
Tasos Laskos 2 min read
Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications

Some very interesting technology was presented a few days ago in the following articles: Following the data: Taint-tracing in the...

Read more
Tasos Laskos 1 min read
Following the execution: Taint-tracing in the JS environment

In our previous article we discussed data-flow tracing, i.e. following a piece of data as it travels through the JS...

Read more
Tasos Laskos 1 min read
Client-side crawl: A DOM state exploration

Say you need to do a manual pentest on a web application with a lot of client-side code, like a...

Read more