Abusing XSLT for Practical Attacks
Breaking HTTPS with BGP Hijacking
Abusing CDNs with SSRF, Flash and DNS
Untangling The DOM For More Easy-Juicy Bugs
Password mining from AWS/Parse Tokens
St. Louis Federal Reserve DNS Redirect
Exploiting XXE in File Upload Functionality
Server-Side Template Injection: RCE for the Modern Web App
Understanding and Managing Entropy Usage
Attack Surface for Project Spartan's EdgeHTML Rendering Engine
Web Timing Attacks Made Practical
Winning the Online Banking War
New Methods in Automated XSS Detection: Dynamic XSS Testing Without Using Static Payloads
Practical Timing Attacks using Mathematical Amplification of Time Difference in == Operator
The old is new, again. CVE-2011-2461 is back!
Hunting Asynchronous Vulnerabilities
New Evasions for Web Application Firewalls
Magic Hashes
Formaction Scriptless attack updates
The Unexpected Dangers of Dynamic JavaScript
Who Are You? A Statistical Approach to Protecting LinkedIn Logins
CSS UI Redressing Issue
Evading All Web Application filters
Multiple Facebook Messenger CSRFs