Books & Research Papers

Published research, books, and security papers from our founder and consulting team, including the 2024 book Web Hacking Arsenal from CRC Press and earlier work on browser security, WAF bypass, and HTML5 attack vectors.

Author bio

Research is part of the practice, not separate from it

Rafay Baloch, RedSecLabs founder, has authored multiple books and security research papers across browser security, web application security, WAF bypass, and penetration testing methodology. His work has been disclosed to vendors including Apple, Microsoft, Google, and Mozilla, and is cited in academic curricula and industry conferences.

Earlier work

Research papers & publications

6 papers
Poking a Hole in Whitelist for Bypassing Firewall
Domain Fronting · 2017

Domain Fronting is a widely popular technique used for evading firewalls, DPIs, and censors by abusing legitimate high-reputation cloud providers, specifically Content Delivery Networks (CDN). This paper presents new techniques for both Domain Fronting and Domainless Fronting that bypass detection.

Bypassing Browser Security Policies for Fun and Profit
Mobile Browser Security · 2016

Mobile browsers, in comparison to desktop browsers, are relatively new and have not undergone the same level of scrutiny. This paper documents techniques for bypassing security policies on mobile browsers, including the Same Origin Policy, along with findings disclosed to major vendors.

Modern Day HTML5 Attack and Defence Vectors
HTML5 Security · 2015

Six years after the advent of HTML5, web technologies relying on Flash and Silverlight were rapidly being replaced. This paper covers the attack and defence vectors introduced by HTML5 features that became prevalent across the web ecosystem.

Ethical Hacking and Penetration Testing Guide
Penetration Testing · 2014 · CRC Press

Introduces the steps required to complete a penetration test or ethical hack. Requires no prior hacking experience and explains how to use and interpret the results of modern hacking tools required to complete a full assessment.

Bypassing Modern WAF’s XSS Filters & Cheat Sheet
Web Application Firewalls · 2014

RSnake’s XSS cheat sheet was one of the best resources for bypassing WAFs, but over time browser updates made many vectors stop working. This cheat sheet covers updated techniques for bypassing modern WAFs, including ModSecurity, F5 BIG-IP ASM, and Imperva.

Breaking the Great Wall of Web
WAF Bypass · 2014

Input validation flaws such as XSS are the most prevalent security threats affecting modern web applications. WAFs are used to inspect HTTP requests for malicious transactions, but this paper demonstrates novel techniques to bypass them across major commercial WAF products.

Want this kind of depth on your environment?

Our research informs the consulting work. Book a 30-minute scoping call to discuss penetration testing, secure code review, or threat-led engagements with our senior team.
