🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.

SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across a list of URLs, highlighting potential authorization issues.

CVE-2023-22515: Confluence Broken Access Control Exploit

CVE-2023-22515

Web Application Penetration Tester (WAPT) Notes

This repository contains OWASP Top 10 CTF challenges designed to test your skills in web application security. Each category includes both "easy" and "hard" challenges.

Slides and PoCs for my DEF CON 33 & HOU.SEC.CON 2025 talk on overlooked attack surfaces across Apple's ecosystem.

L'obiettivo di questo progetto è di mostrare come è possibile usare dei tag degli unit test per cercare di garantire la verifica di aspetti specifici di una applicazione.

Bachelor’s Work - WEB programming

Fixing an Insecure Blog Application.

CVE-2025-41090 (brokeCLAUDIA): Broken access control in microCLAUDIA, the anti-ransomware platform by CCN-CERT.

A Duolingo hack that lets you stack up gems

The most hackable Ticket-Shop!

BuggyBuy: Deliberately Vulnerable MERN Stack Web Application for Security Testing

Django website with intentional security flaws and their fixes to demonstrate vulnerabilities commonly found in web applications. Flaws include SQL injection, broken access control, SSRF, security misconfiguration, and CSRF.

WARNING: This is a vulnerable application to test the exploit for the Jetpack < 13.9.1 broken access control (CVE-2024-9926). Run it at your own risk!

Project in Django Python on theme Security vulnerabilites - Sensitive data exposure, Broken Access Control.

This repository serves as the PoW of my 3-month remote internship cum training at Cyber Secured India

Proof of concept for exploitation of the vulnerability described in CVE-2025-11554, which concerns the possibility of a privilege escalation through arbitrary requests to user types change endpoint in the i-Educar software.

VulnWeb - Learn & Fix Common Security Flaws

Advanced modular web vulnerability scanner for SQLi, XSS, LFI, and access control issues

Broken Access Control vulnerability lab demonstrating IDOR and authorization flaws in web applications.

Bachelor’s Work - WEB programming

Script que permite obtener la información de estudiantes y la sesion de un usuario en el portal de la universidad. Ademas de poder inyectar codigo SQL en una cookie en la base de datos de la universidad.

Web security practice through Root-Me challenges, with detailed write-ups.

Curso de OWASP Top 10: de Injections a monitoramento.

API security lab demonstrating Broken Access Control (IDOR-style vulnerability) and secure authorization checks using FastAPI.

A collection of real-world IDOR security labs highlighting broken access control and object-level authorization failures.

JWT authentication security lab demonstrating token forgery, privilege escalation, and secure validation using FastAPI.

AppSec engineering portfolio: OWASP Top 10 case studies in PHP & Python (repro → fix → tests) plus Secure SDLC & AWS security notes.