James Kettle
http://skeletonscribe.net/

Abusing OWASP
I have no love for drama but over the last couple of years I’ve witnessed some shameless abuse of OWASP by commercial interests and feel it's important to call this out. The latest draft of the OWASP TOP 10 ‘Most Critical Web Application Security Risks’ add...

Reviewing bug bounties - a hacker's perspective
A prospective bug bounty hunter today has very little information on which to base his or her decision about which programs to participate in. There's a dramatic horror story every few months and that's about it. This is unfortunate because bounty hunting i...

Exploiting Uber and Piwik with adapted AngularJS payloads
I don't normally blog about bug bounty findings, but I recently found a couple on Piwik and Uber based on AngularJS template injection that have some interesting technical subtleties. As usual, I've published it on blog.portswigger.net http://blog.portswi...

Exploiting Path Relative Style-Sheet Imports (PRSSI)
I've posted a detailed breakdown of how to successfully exploit path-relative stylesheet imports and navigate the associated pitfalls over at http://blog.portswigger.net/2015/02/prssi.html
