GabbyTech

@gabbytech01

Security Researcher || Jr Penetration Tester || Ethical Hacker|| Security intern @teliytech https://t.co/ZIrZ1R2sGn

view my portfolio_cv 👉
Joined May 2023
@gabbytech01
GabbyTech
20 days
Hmm. Is it possible for you guys to host something like an event, other than the normal space we usually have? Bug bounty hunting based, and you guys will share something like what vuln/bug we should look into, and how we can hunt on programs and all. 👇
@gabbytech01
GabbyTech
4 hours
RT @d3q0w: spent the whole of yesterday doing analysis on SQLi, read a lot of articles, reports and books. now I guess I don't have to go….
@gabbytech01
GabbyTech
4 hours
RT @0xHun73r: I was just testing some random parameters with a very simple payloads. Payload: .(parametr c=)'>"<svg%2Fonload=confirm("0xhun….
@gabbytech01
GabbyTech
4 hours
It was nice working with @cybergirl_io on Authentication vulnerability. We go again trying to get to the end of it on Portswigger, by solving and understanding the logic for the next 3 labs. #30daysbugbountychallenge
@gabbytech01
GabbyTech
12 hours
Reading report write-ups is part of being a hacker. Tonight I read another authentication bypass vulnerability, though it was a 2019 report for Instagram on Hackerone (it was disclosed). Moving every day. #30daysbugbountychallenge
@gabbytech01
GabbyTech
12 hours
RT @gabbytech01: 1/30days.Today I started out with authentication vulnerability on Portswigger. Practiced it over and over, solving only 3….
@gabbytech01
GabbyTech
19 hours
1/30 days. Today I started out with authentication vulnerability on Portswigger. Practiced it over and over, solving only 3 labs from it. Also I read a report on authentication from #MTN on #hackerone. #30daysbugbountychallenge
@gabbytech01
GabbyTech
1 day
#30daysbugbountychallege starting today, who wanna join in and grow together with me? I am starting with Authentication Vulnerability and will also read about 2-3 write-ups every single day on auth for the next 30 days.
@gabbytech01
GabbyTech
2 days
Starting a #30daysbugbounty challenge. Learning all about Authentication flaws. >>>>
@gabbytech01
GabbyTech
2 days
RT @4osp3l: Okay; this has been reported to their program on BC. the behavior is by design, meaning, they intentionally allow that, so t….
@gabbytech01
GabbyTech
2 days
What are you working on? Let's keep grinding.
@gabbytech01
GabbyTech
2 days
Read “Securing an Application Built with AI: Lessons from a Real-World Test” by GABBYTECH on Medium:
medium.com
Artificial Intelligence (AI) applications are becoming more common across industries, from fintech to healthcare. While AI adds new…
@gabbytech01
GabbyTech
2 days
• Apply role-based access controls (RBAC) to ensure each token is scoped to the correct permissions.
• Regularly audit authentication and authorization mechanisms.
Thank you :). @theXSSrat @xss0r
@gabbytech01
GabbyTech
2 days
Recommendation.
• Implement unique Bearer tokens per session, tied to user identity, with proper expiration and refresh logic.
• Generate user-specific API keys instead of using a shared/static key.
@gabbytech01
GabbyTech
2 days
fines, or compensation claims.
• Reputation damage: News of weak security can discourage potential clients or investors.
• Operational disruption: Exploits of this flaw may force downtime, re-authentication of all users, and emergency patches.
@gabbytech01
GabbyTech
2 days
• This could result in legal liabilities and fines if customer data is leaked.
Business Impact.
• Loss of customer trust: Users expect their accounts and data to be isolated and secure.
• Financial loss: Data breaches or unauthorized access can lead to fraud,
@gabbytech01
GabbyTech
2 days
• If tokens are shared across different roles (e.g., Admin vs. User), a regular user could perform admin-level operations.
4. Regulatory & Compliance Violations.
• Lack of proper authentication controls can lead to non-compliance with standards like GDPR, HIPAA, or PCI DSS.
@gabbytech01
GabbyTech
2 days
Leakage.
• Sensitive information (personal data, business records, financial details) could be accessed by unauthorized users.
• One compromised token equals compromise of all accounts.
3. Privilege Escalation.
@gabbytech01
GabbyTech
2 days
1. Account Impersonation.
• Any user with the shared token or API key can impersonate other users without needing their login credentials.
• Access control becomes meaningless since identity cannot be verified properly.
I already requoted the rest, kindly check it out 🙏.
@gabbytech01
GabbyTech
2 days
• This means authentication is not account-specific, and the system is likely using a static/shared credential instead of generating unique tokens tied to individual sessions or users.
Security Risks.