Category: Mix

A Security Engineer and Hacker Share Their Experiences with Security Assessments
01
May
2023

A Security Engineer and Hacker Share Their Experiences with Security Assessments

App Security is More Vital than Ever The number of apps that organizations and individuals interact with has exploded over…

The real impact of an Open Redirect vulnerability
01
May
2023

The real impact of an Open Redirect vulnerability

Detectify is building web app security solutions that are automated and crowd-based. By collaborating with ethical hackers, business critical security…

5 Secrets of a Mature Vulnerability Management Program from Costa Coffee and Priceline
01
May
2023

5 Secrets of a Mature Vulnerability Management Program from Costa Coffee and Priceline

This week HackerOne hosted a series of webinars that asked participants about how they rated their level of vulnerability management…

Fitting automated security throughout the CI/CD pipeline
01
May
2023

Fitting automated security throughout the CI/CD pipeline

As companies compete with how fast new features and products can be released on the digital market, a byproduct of…

Spotlight on the Server-Side | HackerOne
01
May
2023

Spotlight on the Server-Side | HackerOne

Server-side request forgery (or SSRF) vulnerabilities can lead to total system compromise and allow access to an organization’s internal or…

HTTP response splitting exploitations and mitigations - Detectify Blog
01
May
2023

HTTP response splitting exploitations and mitigations – Detectify Blog

HTTP Response Splitting is a type of attack that occurs when an attacker can manipulate the response headers that will…

MICROSOFT SAYS: RUSSIAN SOLARWINDS HACKERS HIT U.S. GOVERNMENT AGENCIES AGAIN
30
Apr
2023

MICROSOFT SAYS: RUSSIAN SOLARWINDS HACKERS HIT U.S. GOVERNMENT AGENCIES AGAIN

According to the New York Times, Microsoft says the state-backed Russian hacker group Nobelium—the same actor behind the 2020 SolarWinds…

Guest blog from Detectify Crowdsource researcher Lerhan
30
Apr
2023

Lerhan: Bypassing IDOR protection with URL shorteners

Xavier Blasco (a.k.a Lerhan) is a 23-year old security researcher on the Detectify Crowdsource Platform. He’s passionate about security and…

HOW DIGITAL TRANSFORMATION CHANGES AN ORGANIZATION'S SECURITY CHALLENGES
30
Apr
2023

HOW DIGITAL TRANSFORMATION CHANGES AN ORGANIZATION’S SECURITY CHALLENGES

Last week, HackerOne joined  WhiteSource, AWS, and IGT for a roundtable discussion about the new security challenges of digital transformation. Both existing organizations…

Content-Security-Policy explained
30
Apr
2023

Content Security Policy (CSP) explained including common bypasses

We have written about Content Security Policy (CSP) on Detectify Labs before. But maybe you’re wondering why should you have…

HACK HARD. HAVE FUN. INCREASE SECURITY
30
Apr
2023

HACK HARD. HAVE FUN. INCREASE SECURITY

Amazon’s Live Hacking Event with HackerOne At Amazon, ensuring security is essential for earning customers’ trust. As part of Amazon’s ongoing…

What is a blind vulnerability and how can it be exploited and detected? 
30
Apr
2023

What is a blind vulnerability and how can it be exploited and detected? 

There are times where an attacker can hack a system and yet nothing is sent back, and this is classified…