OWASP TOP 10: Broken Authentication
Update: Broken Authentication has moved down the list to position #7 because it seems to be less of an issue due to increasing adoption of…
Category: Mix
H1-702 2018 makes history with over $500K in bounties paid!
In August 2016, a small group of HackerOne staff brought to life the first ever live hacking event in HackerOne’s history at DEF CON 24…
Join a demo session with Detectify
We will have scheduled Demo sessions this week and we definitely think that you should join. In the 30 minute session we will cover: Understanding…
Highlights of New York’s Cybersecurity Regulation 23 NYCRR Part 500
September 4, 2018 – Eighteen month transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13,…
OWASP TOP 10: Cross-site Scripting – XSS
Update: On the OWASP Top 10 2021 proposed, Cross-site scripting (XSS) was moved from the top of the OWASP list as a stand-out vulnerability, into…
Explaining the Best Prompt Injection Proof of Concept · rez0
I’ve been theorizing and researching prompt injection attacks. They’ve mostly been theoretical, though. In this post, I’m going to break down and explain the best…
Introducing the Hacker101 CTF | HackerOne
Hacker101 is getting something brand new: our own Capture The Flag! For those who are unfamiliar, Capture The Flags (better known as CTFs) are games…
[Alert] New WordPress XSS Vulnerability Discovered
Are you running WordPress 4.2.0 to 4.5.1? Time to upgrade to 4.5.2! It was recently discovered that WordPress versions 4.2.0 to 4.5.1 are vulnerable against a reflected…
The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today, Part 1
Migrating your digital assets to the cloud can seem overwhelming at times. But you’re not alone. AWS has done a good job of meeting you…
IT Security FAQ 8: SSL? Https:// – how do you connect it? What info should be encrypted? – Detectify Blog
Secure Sockets Layer (SSL) is a cryptographic protocol designed to provide communications security over a computer network. SSL makes the communication safe between two points,…
Top Fierwall Misconfigurations & Their Exploits
Network security should be a major focus for companies moving to the cloud. Cloud networks are exposed to the Internet and companies don’t have direct…
[Alert] New Magento Vulnerability – Unauthenticated Remote Code Execution
Are you running Magento version before 2.0.6.? Time to upgrade!It was recently discovered that all Magento versions before 2.0.6. (both Community and Enterprise Edition) are vulnerable against an unauthenticated Remote…