https://nicksv.com/tags/web-security/ Recent content in Web-Security on Nikita Sveshnikov Hugo en-us Mon, 29 Dec 2025 00:00:00 +0000 https://nicksv.com/posts/pdf-generator-research/ Mon, 29 Dec 2025 00:00:00 +0000 https://nicksv.com/posts/pdf-generator-research/ <p>The article on our research from the first half of this year is finally published: <a href="https://swarm.ptsecurity.com/blind-trust-what-is-hidden-behind-the-process-of-creating-your-pdf-file/" target="_blank" rel="noopener">Blind trust: what is hidden behind the process of creating your PDF file?</a> </p> https://nicksv.com/posts/java-url-equals-vulnerability/ Sun, 06 Jul 2025 00:00:00 +0000 https://nicksv.com/posts/java-url-equals-vulnerability/ <h2 id="tldr">TL;DR</h2> <p><code>java.net.URL.equals()</code> performs a DNS lookup and considers two URLs equal if their IP addresses match — even when the domains are completely different. This can bypass whitelist checks and lead to SSRF or DNS rebinding attacks.</p> https://nicksv.com/posts/github-security-lab-cors/ Sat, 05 Apr 2025 00:00:00 +0000 https://nicksv.com/posts/github-security-lab-cors/ <p>GitHub Security Lab published an article on localhost dangers, CORS and DNS rebinding — and they directly reference and recommend my research on CORS misconfiguration attacks.</p>