Usama helps you secure your APIs & apps

Usama Varikkottil

Usama Varikkottil

19 followers

I write about web & api security here. Follow me to receive new articles about security.

Pinned

Top 7 methods to find account takeover bugs in 2023

Aug 29, 202111 min read11.7K views

A step-by-step guide on how I find security vulnerabilities that others miss · Making some weird API requests resulted in full user account takeovers,...

Top 7 methods to find account takeover bugs in 2023

XSS Vulnerability: A Quick Guide for Entry-Level Developers

Jun 26, 20232 min read42 views

Get started with Cross Site Scripting: A Simple Guide for Beginner-Level Devs · XSS aka Cross Site Scripting is one of the strong enemies of developers....

XSS Vulnerability: A Quick Guide for Entry-Level Developers

How to fix XSS vulnerabilities in Node.js and expressJS

Jan 27, 20223 min read3.2K views

What is XSS? Simply we can say that XSS (Cross-site scripting) is a JavaScript code injection on web applications. Attackers use vulnerable web apps...

How to fix XSS vulnerabilities in Node.js and expressJS

How to exploit a basic SSRF vulnerability?

Jan 9, 20222 min read352 views

The challenge in this writeup is from Portswigger's web security academy lab. You can access it here for Free. The challenge We need to access the...

How to exploit a basic SSRF vulnerability?

How I got $400 for my first SSRF bug?

May 1, 20213 min read1.3K views

An easy-to-exploit SSRF vulnerability. · A story about my first SSRF finding on a bug bounty target web app, where I further exploited the SSRF bug into...

How I got $400 for my first SSRF bug?

Difference Between var, let, and const in Javascript

Oct 11, 20203 min read169 views

var and let These are two keywords used to declare variables in Javascript. Even though most beginners know these two keywords exist, we struggle with...

Difference Between var, let, and const in Javascript