- https://blog.orange.tw/
- https://ngailong.wordpress.com/
- https://whitton.io/
- https://sakurity.com/blog
- https://homakov.blogspot.com/
- https://buer.haus/
- https://philippeharewood.com/
- https://portswigger.net/research
- https://gerbenjavado.com/
- https://medium.com/@intideceukelaire
- https://samcurry.net/
- https://stephensclafani.com/
- https://www.josipfranjkovic.com/
- https://www.arneswinnen.net/
- https://blog.assetnote.io/
- https://medium.com/@alex.birsan
- https://cablej.io/
- https://jonbottarini.com/
- https://www.corben.io/
There is also this massive list of write-ups that might be of interest to you: https://github.com/ngalongc/bug-bounty-reference.
Shameless plug: I write about web application security at https://edoverflow.com/.
- https://blog.orange.tw/
- https://ngailong.wordpress.com/
- https://whitton.io/
- https://sakurity.com/blog
- https://homakov.blogspot.com/
- https://buer.haus/
- https://philippeharewood.com/
- https://portswigger.net/research
- https://gerbenjavado.com/
- https://medium.com/@intideceukelaire
- https://samcurry.net/
- https://stephensclafani.com/
- https://www.josipfranjkovic.com/
- https://www.arneswinnen.net/
- https://blog.assetnote.io/
- https://medium.com/@alex.birsan
- https://cablej.io/
- https://jonbottarini.com/
- https://www.corben.io/
There is also this massive list of write-ups that might be of interest to you: https://github.com/ngalongc/bug-bounty-reference.
Shameless plug: I write about web application security at https://edoverflow.com/.