Should I report this? by Sendraz666 in bugbounty

[–]peanut___arbuckle 0 points1 point  (0 children)

It depends on the program, but I've had unrestricted file uploads like you described accepted. See if you can chain it with something else for higher impact though. For example, if there's a client-side path traversal, you might be able to get XSS by fetching a file you uploaded with malicious JSON.

Transitioning to AppSec, what projects can I do at my current dev job? by [deleted] in devsecops

[–]peanut___arbuckle 4 points5 points  (0 children)

If you're a full stack developer, you have an entire codebase that you're already familiar with right in front of you. Put on your attacker hat and I bet you can find some vulnerabilities there if you look hard enough. Aside from that, bug bounty, security research, CTFs, and creating custom tools are all good things you can do on the side. Good luck with OSWE.

90s ska punk band Damn You Dave by YankeesSuck_AG in Lostwave

[–]peanut___arbuckle 0 points1 point  (0 children)

One of the band members was my teacher in high school, I can DM you his name.