👩‍💻IW Weekly #118: Server-Side Request Forgery, Malware Development, IDOR, Match and Replace, Cache Deception and many more…


Welcome to the #IWWeekly118 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @oXnoOneXo explores a compelling Server-Side Request Forgery (SSRF) vulnerability, unravelling its discovery and impact.
  2. @dk4trin and @Fabrikat0r delve into a $500 Cache Deception finding and misconfigured JWTs, uncovering vulnerabilities that lead to Account Takeover (ATO).
  3. An analysis of a race condition vulnerability that enables an email confirmation bypass, authored by @siratsami71.
  4. Check the implementation of Trusted Types in AppSheet: this article by @kian-jamali provides a comprehensive case study on enhancing web application security.
  5. Examining client-side path traversal for performing Cross-Site Request Forgery with the introduction of CSPT2CSRF, by @Doyensec.

🧵 4 Infosec Threads

  1. @nu11charb has started a 'Malware Development 101' series on YouTube with the basics for beginners, aiming for advanced topics later.
  2. Match and replace often goes overlooked. @ctbbpodcast shares 8 essential things to match and replace in your next hunt.
  3. Bug bounty can be a cruel mistress sometimes. @ctbbpodcast shares 14 solid tips from last week's pod on handling dupes, downgrades, mass closes, and misunderstandings.
  4. Wish I had this when I started bug bounty! @intigriti shares tips to help you identify and exploit more IDOR vulnerabilities.

📽️ 3 Insightful Videos

  1. @HackerSploit presents an 'Introduction to Red Teaming' video, covering the basics of red team operations.
  2. Learn efficient reporting techniques to enhance your hacking skills in 'Less Writing, More Hacking: Reporting Efficiency Techniques' by @ctbbpodcast.
  3. @NahamSec explores every bug bounty program in 'I SCANNED EVERY BUG BOUNTY PROGRAM'.

💼 2 Job Alerts

  1. Akamai Technologies seeks a Security Consultant II for a full-time remote position in India, targeting mid-senior level professionals.
  2. Choice International is looking for an Associate Cyber Security Engineer with 1-4 years of experience in Mumbai, salary details undisclosed.

🎁 1 Special Item

  1. Try to find the vulnerability in this code as shared by @bountywriteups

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Nithin R, Rachit Arora
Newsletter formatting by: Bhavesh Harmalkar, Nithin R, Manan, Shlok, Ansh Patel, Vivek Reddy, Siddhesh Prakash Patil

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
