Why Decision Tree > if-else

The other day, our tech lead suggested we implement supervised machine learning to automate our ticket approval system. He said it would be very easy. I had no idea how it worked, and honestly, I was confused. Why not just use if-else statements?

Problem Statement

We have a ticket approval system, a platform for reviewing tickets that request access to some resource. With an increasing number of tickets being submitted, manually reviewing them has become inefficient.
4 minutes to read

Are you from the Same Origin?

Recently, when I debugged a web app, I had to add my own test domain to a CORS allowed list there. Then I remembered having seen a CORS vulnerability report before and decided to delve deeper into this topic.

Create a Simple Web App with CORS Misconfiguration

Essentially, we require a web application with a straightforward login feature and a data endpoint. With misconfigured CORS, we should be able to see the sensitive data from another origin.
3 minutes to read

Career Change: From Cybersecurity to Software Development

As a young professional in cybersecurity, do you often feel so dumb that you can’t understand some concepts? Maybe my experience can help.

My Background

I studied Information Security in college. We had the usual foundational CS and math courses, along with cryptography. Back then, the security field seemed straightforward—either you were an attacker or a defender—even though I had no idea how either actually worked. Later, I interned at two companies, where I learned about web pentesting and Active Directory security.
3 minutes to read

Duplicate Report

So, I almost submitted my first valid bug report…

What Happened

The other night, I finally decided to give bug bounty a try. I found a VDP program and let ChatGPT write me a recon script. That recon script returned several subdomains, and when I went through them, a weird domain caught my eye. What the hell is ‘whoami.xx.xx.com’? Out of curiosity, I opened that in my browser. Holy cow, it looks like a debugging page with an internal IP!
3 minutes to read