Fitting automated security throughout the CI/CD pipeline
As companies compete with how fast new features and products can be released on the digital market, a byproduct of...
Read more →Category: Mix
Spotlight on the Server-Side | HackerOne
Server-side request forgery (or SSRF) vulnerabilities can lead to total system compromise and allow access to an organization’s internal or...
Read more →
HTTP response splitting exploitations and mitigations – Detectify Blog
HTTP Response Splitting is a type of attack that occurs when an attacker can manipulate the response headers that will...
Read more →
MICROSOFT SAYS: RUSSIAN SOLARWINDS HACKERS HIT U.S. GOVERNMENT AGENCIES AGAIN
According to the New York Times, Microsoft says the state-backed Russian hacker group Nobelium—the same actor behind the 2020 SolarWinds...
Read more →
Lerhan: Bypassing IDOR protection with URL shorteners
Xavier Blasco (a.k.a Lerhan) is a 23-year old security researcher on the Detectify Crowdsource Platform. He’s passionate about security and...
Read more →
HOW DIGITAL TRANSFORMATION CHANGES AN ORGANIZATION’S SECURITY CHALLENGES
Last week, HackerOne joined WhiteSource, AWS, and IGT for a roundtable discussion about the new security challenges of digital transformation. Both existing organizations...
Read more →
Content Security Policy (CSP) explained including common bypasses
We have written about Content Security Policy (CSP) on Detectify Labs before. But maybe you’re wondering why should you have...
Read more →
HACK HARD. HAVE FUN. INCREASE SECURITY
Amazon’s Live Hacking Event with HackerOne At Amazon, ensuring security is essential for earning customers’ trust. As part of Amazon’s ongoing...
Read more →
What is a blind vulnerability and how can it be exploited and detected?
There are times where an attacker can hack a system and yet nothing is sent back, and this is classified...
Read more →BUILD A RESILIENT SECURITY POSTURE WITH VULNERABILITY INTELLIGENCE AND CYBERSECURITY RATINGS
Reducing risk is the fundamental reason organizations invest in cybersecurity. The threat landscape grows and evolves, creating the need for...
Read more →
Bypassing Cloudflare WAF with the origin server IP address
This is a guest blog post from Detectify Crowdsource hacker, Gwendal Le Coguic. This is a tutorial on how to...
Read more →ANNOUNCING HACK THE ARMY 3.0 RESULTS: A CONVERSATION WITH DEFENSE DIGITAL SERVICE, U.S. ARMY, AND HACK THE ARMY 3.0’S TOP HACKER
Five years after the Defense Digital Service (DDS) launched the first-ever U.S. federal government bug bounty Challenge, we’re pleased to...
Read more →