Tasos Laskos 1 min read
Script your DOM XSS exploitation workflow

Hello all, I wanted to share some Codename SCNR scripting kung-fu with you. This is something you can use post-scan,...

Read more
Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications
Tasos Laskos 2 min read
Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications

Some very interesting technology was presented a few days ago in the following articles: Following the data: Taint-tracing in the...

Read more
Managing an SCNR cloud over REST
Tasos Laskos 5 min read
Managing an SCNR cloud over REST

New products and their terminology can be daunting, especially when it has to do with architectural things. To take care...

Read more
Tasos Laskos 1 min read
Following the execution: Taint-tracing in the JS environment

In our previous article we discussed data-flow tracing, i.e. following a piece of data as it travels through the JS...

Read more
Tasos Laskos 1 min read
Following the data: Taint-tracing in the JS environment

Frustratingly enough, something fishy is going on with an input you're manually checking but you can't quite put your finger...

Read more
Tasos Laskos 1 min read
Client-side crawl: A DOM state exploration

Say you need to do a manual pentest on a web application with a lot of client-side code, like a...

Read more
Tasos Laskos 2 min read
Extracting input traits to help with manual pentests

So, suppose we're preparing a manual penetration test of a web application; wouldn't it be nice to be able to...

Read more