By Luke Stephens, Feb 18, 2021: How to Find XXE Bugs: Severe, Missed and Misunderstood Introduction Every time I see an opportunity to attempt an External Entity Injection (XXE) attack I get excited. In my experience it has a high chance of success when compared to many other vulnerability types. Many of the XXE exploitation…
By Luke Stephens, Feb 5, 2021: The 10 Most Common Bugs of 2021 So Far, and How to Find Them! We're a whole month into 2021 already - and what a month it has been! Something that I always find fascinating is keeping an eye on the most common bug classes that get submitted through our platform. I think that…
By Luke Stephens, Oct 27, 2020: Spooky Bug! BOO! 👻 If you haven't noticed, the Bugcrowd logo kind of looks like a jack-o'-lantern 🎃 , which is really convenient because it's almost Halloween. It's going to be a great Halloween, I can feel it in my bones 🦴…
By Luke Stephens, Oct 14, 2020: What Vuln Scanners Miss in API Testing Luke Stephens is a father, husband, hacker, pen tester, and full-time Application Security Engineer and Quality Assurance Training Manager at Bugcrowd. APIs are the interface between an organization’s most sensitive data and the end-user. And they’re everywhere. The last decade…
By Luke Stephens, Oct 7, 2020: These Are the Bugs You Should Look for in Late 2020 I have a pretty sweet job 😎. I get to read bug bounty submissions that blow my mind. I spend a considerable amount of time each day gathering my jaw from my office desk after reading about some face-melter P1s.…
By Luke Stephens, Sep 26, 2020: A Byte-ful with TomNomNom Without a doubt, tomnomnom is one of my favourite hackers. I look up to his tools and mindset. Recently, I was able to sit down and have a long chat with him. In this podcast, Tom goes into detail and…
By Luke Stephens, Apr 19, 2020: Three cheers for virtual cons! #LevelUp0x06 I have a confession to make: I've been to a lot of hacking conferences, but I've seen hardly any talks from start to finish. It's not that the talks aren't interesting, they are! It's not that I have trouble focusing…
By Luke Stephens, Mar 24, 2020: A Note from Luke Stephens: Bugcrowd’s New Manager of Quality Assurance and Training My name is Luke Stephens. If you're one of my internet mates, you probably know me better as hakluke. I'm very excited to join Bugcrowd as the Manager of Quality Assurance and Training. I could bore you with a bunch…