At this year’s Armsec seventh annual information security conference - reARMSEC, I made a small presentation (Google slides, PDF version) on why the modern web is hard describing HackerOne’s top 10 most impactful and rewarded vulnerability types for 2020. As for the real-life examples of the bugs, I gathered reports mostly from HackerOne’s Hacktivity.

This month’s Intigriti’s XSS challenge was interesting as a couple of hours after Frans Rosén submitted an unintended solution, and I got interested in that one more than in the original.

Hi, I am a web application developer and cybersecurity enthusiast from Armenia. On this blog, I am going to post mainly Bug bounty and CTF writeups, reconnaissance techniques, approaches to pentesting and my thoughts on general infosec.