Critical Thinking - Bug Bounty Podcast
Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu
Feb 20, 2025
Kevin Mizu, a security researcher at Bisecure specializing in web app security, discusses the critical vulnerabilities associated with DOMPurify. He explores dangerous allow-lists, improper sanitization techniques, and the significance of managing configurations. Mizu shares insights into his own bug bounty experiences, including the exploitation of misconfigured regex patterns and the nuances of Unicode normalization. The conversations emphasize creative thinking in cybersecurity and the intricate methods used to bypass HTML sanitization, underscoring the complexities in maintaining web application security.
01:49:15
Episode guests
AI Summary
AI Chapters
Episode notes
Podcast summary created with Snipd AI
Quick takeaways
- Kevin Mizu emphasizes the importance of understanding DOMPurify's misconfigurations, as they can unintentionally lead to severe security vulnerabilities like XSS attacks.
- The podcast highlights the critical role of cookie management in preventing session fixation vulnerabilities, pointing out how improper attributes can facilitate account takeover.
Deep dives
Introduction to DOM Purify's Importance
DOM Purify is a widely utilized HTML sanitization library that allows for the safe processing of untrusted user input in web applications. Its significance stems from its application across various environments where user-generated content could pose a security risk. The podcast discusses the recent articles highlighting DOM Purify’s capabilities, particularly focusing on its misconfigurations that security professionals, especially bug bounty hunters, encounter. An example is given which describes how the author became engrossed in exploring the depth of DOM Purify, reinforcing its relevance to the security landscape.
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
