👩‍💻IW Weekly #80: Broken Access Control, XSS Basics, GraphQL Introspection Query, RCE Vulnerabilities, XSS Challenge, Scanners for Web Security Research and many more …

Welcome to the #IWWeekly80 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @albinowax shows us how to build scanners for web security research in this very insightful blog post.
  2. Learn how V3D was able to delete super admins due to broken access control, which earned them $$$.
  3. Get into Piyush Kumawat’s mind to understand how they earned $1000 by bypassing the password protection using a GraphQL introspection query.
  4. Check out this blog to learn how @noobibek was able to perform a full account takeover via the “Sign In with Microsoft” feature.
  5. Read Certitude Consulting’s cool blog on how Cloudflare can be used to bypass Cloudflare.

🧵 4 Threads

  1. Take a glance at @theXSSrat’s thread on XSS basics.
  2. @vidocsecurity has posted an amazing thread on how we can find hidden pages and .js files in Next.js applications. Do check it out!
  3. Want to practice RCE vulnerabilities in labs? Worry not, @intigriti has got you covered.
  4. @0xLupin posted a super informative thread on how to escalate an XSS found on WordPress sites.

📽️ 3 Insightful Videos

  1. Catch up with security news, new Chrome updates, GPT-4, SAML presentations and more in the latest episode from @ctbbpodcast.
  2. @gregxsunday explains his bug bounty finding worth $20,000, which involves misconfigured S3 buckets.
  3. @NahamSec shares his experience as a full-time bug bounty hunter.

💼 2 Job Alerts

  1. TechDefence is seeking a Security Analyst in Ahmedabad, India.
  2. LTIMindTree is looking for an individual with experience in SAST and DAST.

🎁 1 Special Item

  1. @ryotkak has created a small XSS challenge for us. Go shoot your shot.

A word from our sponsor this week

👉 Join a 3-hour ChatGPT & AI Workshop for FREE (worth $49) by GrowthSchool to master AI tools and ChatGPT hacks: Click to Register (FREE for the first 100 people) 🎁

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Tuhin Bose
Newsletter formatting by: Nikhil A Memane, Hardik Singh, Nithin R

Lots of love
Editorial team,
Infosec Writeups

📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
