Pentest-Tools.com, Security Research Engineer
Alex is a passionate security engineer and a bug bounty hunter. He loves researching and discovering vulnerabilities in web applications, as well as finding ways to improve his day-to-day work. He also enjoys writing in-depth research articles by highlighting the technical details in ways that make our readers better understand core concepts.
Alex is a passionate security engineer and a bug bounty hunter. He loves researching and discovering vulnerabilities in web applications, as well as finding ways to improve his day-to-day work. He also enjoys writing in-depth research articles by highlighting the technical details in ways that make our readers better understand core concepts.
In February 2024, we set out to compare our Website Vulnerability Scanner against some of the established names in Dynamic Web Application Security Testing, both commercial and open-source: Burp Scanner, Acunetix, Qualys, Rapid7 InsightAppSec, and ZAP.
Back in August 2019, I reported a security vulnerability in Magento affecting versions 2.3.2, 2.3.3, and 2.3.4 using the HackerOne bug bounty platform. The bug impacted some installations of Magento and it allowed us to gain Remote Code Execution based on the way PHAR files are deserialized and by abusing Magento’s Protocol Directives.
