Length extension attacks: the SHA2 algorithm
Many authentication/authorization implementations rely on signed assertions; JWT and SAML are two popular examples. If the signature is a plain salted hash of the message, it is possible to append arbitrary data to the message and generate a new valid signature without knowing the salt: the so-called “length extension attack”.
XSS evasion techniques to fetch an external resource
So you popped that sweet alert(1) and now want to do something that’s actually useful, but the input is being truncated to 15 characters? Or maybe your input is being capitalized? Let’s look at some ways to get around it.