OWASP TOP 10: Cross-site Scripting – XSS
Update: In the proposed OWASP Top 10 2021, Cross-site scripting (XSS) was moved from the top of the OWASP list as a stand-out vulnerability, into…
I’ve been theorizing and researching prompt injection attacks. They’ve mostly been theoretical, though. In this post, I’m going to break down and explain the best…
Hacker101 is getting something brand new: our own Capture The Flag! For those who are unfamiliar, Capture The Flags (better known as CTFs) are games…
Are you running WordPress 4.2.0 to 4.5.1? Time to upgrade to 4.5.2! It was recently discovered that WordPress versions 4.2.0 to 4.5.1 are vulnerable to a reflected…
Migrating your digital assets to the cloud can seem overwhelming at times. But you’re not alone. AWS has done a good job of meeting you…
Secure Sockets Layer (SSL) is a cryptographic protocol designed to provide communications security over a computer network. SSL makes the communication safe between two points,…
Network security should be a major focus for companies moving to the cloud. Cloud networks are exposed to the Internet and companies don’t have direct…
Are you running a Magento version before 2.0.6? Time to upgrade! It was recently discovered that all Magento versions before 2.0.6 (both Community and Enterprise Edition) are vulnerable to an unauthenticated Remote…
“To improve the security of their connected systems, every corporation should have a vulnerability disclosure policy that allows them to receive security submissions from the…
We have listened to your feedback and added several requested features to our service. Ability to remove tags that have previously been added to specific…
Hacktivity can save your company. Take help from hackers. You can’t do it alone. Approach hackers with an assumption of benevolence, and develop relationships with…
Insecure Direct Object Reference allows attackers to manipulate references to gain access to unauthorized data. A proof of concept video follows this article. OWASP is a non-profit…