LEXSS: Bypassing Lexical Parsing Security Controls TL;DR By using special HTML tags that leverage HTML parsing logic, it is possible to achieve cross... 2021-6-22 15:0:0 | 阅读: 1 | 收藏 | bishopfox.com - bishopfox.com lexical sanitizing tinymce tokenizer textarea

An Exploration of JSON Interoperability Vulnerabilities TL;DR The same JSON document can be parsed with different values across microservices, leading to... 2021-2-25 16:0:0 | 阅读: 3 | 收藏 | bishopfox.com - bishopfox.com parsers superadmin qty json5

Bad Pods: Kubernetes Pod Privilege Escalation What are the risks associated with overly permissive pod creation in Kubernetes? The answer varies... 2021-1-19 16:0:0 | 阅读: 8 | 收藏 | bishopfox.com - bishopfox.com kubernetes pods privileged security manifests

Lessons Learned on Brute-forcing RMI-IIOP With RMIScout I'm excited to announce some new features that have been added to RMIScout. RMIScout is a tool to pe... 2020-12-8 16:0:0 | 阅读: 1 | 收藏 | bishopfox.com - bishopfox.com rmiscout corba omg iiop

Design Considerations for Secure GraphQL APIs In this article, we are going to discuss a variety of security risks to GraphQL deployments and migr... 2020-9-28 15:0:0 | 阅读: 2 | 收藏 | bishopfox.com - bishopfox.com scalars security caching limiting

Design Considerations for Secure Cloud Deployment Whether you are migrating an on-premise deployment to a cloud provider tasked with deploying a new c... 2020-9-15 15:0:0 | 阅读: 3 | 收藏 | bishopfox.com - bishopfox.com cloud security kubernetes choosing iac