What is it?
Rate limiting (also called throttling) caps how many requests a client may send to a target within a given period. From the attacker's side it is the control that stops us from firing large numbers of requests at an endpoint, for example to brute-force a login form.
A simple example:
- An application has a login form.
- When a login request is made, the client's IP address is recorded and a counter is started for it.
- If more than 10 attempts are made from that IP within 1 minute, the IP is blocked.
Can we identify how the rate limiting is applied (per IP, per header, per session, per account, per endpoint)?
Can we spoof the header that is being used to identify us (for example X-Forwarded-For or X-Real-IP when the application trusts them straight from the client)?
Can we use other User-Agent strings?
Can we use different cookies or session tokens?
Can we tamper with the HTTP verb (POST versus GET, PUT, or a method override header)?
Can we decrease the frequency of requests to stay under the threshold and leave the attack running overnight?
Can we make the traffic look like legitimate behaviour (realistic timing, normal headers, successful requests mixed in)?
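The counter described above, as an added example written for this page (not code from the original site): first keyed on a client-supplied header, which answers the "can we spoof the header" question in the attacker's favour, then keyed on the TCP peer address and the account name. The request records, the header name X-Forwarded-For and the addresses are constructed assumptions; the 10-per-minute threshold is the one from the example above.

```python
"""Login rate limiter: weak keying (client header) versus hardened keying.
Example code added for this page; request dicts below are constructed."""
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # from the page's example: 1 minute
MAX_ATTEMPTS = 10     # from the page's example: block after more than 10


class SlidingWindowLimiter:
    """Allow at most MAX_ATTEMPTS hits per key in any WINDOW_SECONDS span."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self.hits = defaultdict(deque)  # key -> timestamps of recent attempts

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:   # drop attempts outside the window
            q.popleft()
        if len(q) >= self.max_attempts:          # the 11th attempt in the window is blocked
            return False
        q.append(now)
        return True


def weak_key(request):
    # Weak: trusts X-Forwarded-For straight from the client, so the client
    # picks its own counter key and can rotate it on every request.
    return request["headers"].get("X-Forwarded-For", request["peer_ip"])


def strong_key(request):
    # Hardened: key on the address the server actually accepted the TCP
    # connection from (or the address a trusted proxy set, never the client).
    return request["peer_ip"]


class LoginLimiter:
    """Hardened: count per peer address AND per target account, so rotating
    source addresses against one username still hits a limit."""

    def __init__(self):
        self.by_ip = SlidingWindowLimiter()
        self.by_user = SlidingWindowLimiter()

    def allow(self, request, now):
        ip_ok = self.by_ip.allow(strong_key(request), now)
        user_ok = self.by_user.allow(request["username"].lower(), now)
        return ip_ok and user_ok


def make_spoofed_requests(n):
    """Constructed sample: n attempts from ONE real address, each carrying a
    different X-Forwarded-For value (the header-spoofing bypass)."""
    return [{"peer_ip": "203.0.113.7",
             "headers": {"X-Forwarded-For": f"198.51.100.{i}"},
             "username": "admin"} for i in range(n)]


def make_rotating_ip_requests(n):
    """Constructed sample: n attempts against one account, each from a
    different real address (distributed brute force)."""
    return [{"peer_ip": f"198.51.100.{i}", "headers": {}, "username": "admin"}
            for i in range(n)]


def simulate(allow_fn, requests, spacing=0.1):
    """Replay requests `spacing` seconds apart; return how many got through."""
    return sum(1 for i, req in enumerate(requests) if allow_fn(req, i * spacing))


def run_demo():
    spoofed, rotating = make_spoofed_requests(30), make_rotating_ip_requests(30)
    weak, strong, ip_only, slow = (SlidingWindowLimiter() for _ in range(4))
    combined = LoginLimiter()
    return {
        # header spoofing: every request lands on a fresh counter
        "weak_key_spoofed": simulate(lambda r, t: weak.allow(weak_key(r), t), spoofed),
        # same traffic keyed on the peer address: blocked after 10
        "strong_key_spoofed": simulate(lambda r, t: strong.allow(strong_key(r), t), spoofed),
        # IP-only keying still falls to real source rotation
        "ip_only_rotating": simulate(lambda r, t: ip_only.allow(strong_key(r), t), rotating),
        # per-IP plus per-account keying catches the rotation
        "ip_and_account_rotating": simulate(combined.allow, rotating),
        # "decrease the frequency": one address, 7 s apart, never exceeds 10/min
        "slow_single_ip": simulate(lambda r, t: slow.allow(strong_key(r), t), spoofed, spacing=7.0),
    }


if __name__ == "__main__":
    for name, allowed in run_demo().items():
        print(f"{name:28s} {allowed:2d} of 30 attempts allowed")
```

The last figure is the point behind the "leave it overnight" question: a limiter that only blocks on burst rate still lets a patient attacker through at 10 attempts a minute indefinitely, so a real defence also needs a per-account lockout or a progressively growing delay, not just a per-window counter.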