The researcher’s desk: FortiWeb Authentication Bypass (CVE-2025-64446)
Welcome to The researcher’s desk – a content series where the Detectify security research team conducts a technical autopsy on vulnerabilities that are particularly interesting,…
Amelia Coen | 14 November 2025 at 15:09 UTC AI isn’t just reshaping cybersecurity – it’s challenging testers to rethink their entire playbook. In his…
Halo Security – Pros: It consolidates EASM, infrastructure scanning, and manual penetration testing services into a single platform, simplifying vendor management. Its deep cloud-provider integrations (AWS,…
Over the past few years, API security has gone from a relatively niche concern to a headline issue. A slew of high-profile breaches and compliance…
We frequently hear that we have a data scarcity problem in AI. And when it comes to unique, Tolstoy-level literature and the like, that could…
Traditional cross-site scripting (XSS) vulnerabilities were prevalent when server-side rendering (with languages like PHP, JSP, and ASP) was the norm. However, as applications become more…
Six months after launch, Alfred, the AI Agent that autonomously builds security tests, has revolutionized our workflow. Alfred has delivered over 450 validated tests against…
Before JSON Web Tokens (JWTs) became popular in today’s app development landscape, web applications predominantly used server-side sessions, which presented horizontal scalability issues. JWTs solved…
Rapid7 – Pros: Correlates web app vulnerabilities with underlying infrastructure risk and active threat data. Provides expansive enterprise discovery of unknown web applications and open ports.…
Anthropic just came out with a new article about code execution with MCP which is pretty extraordinary. It’s nuanced, but it…
Invicti – Pros: Deep, out-of-the-box integrations with CI/CD pipelines and issue trackers enable a fully automated, closed-loop “scan-to-ticket” workflow. It supports scanning non-public, internal applications through…