What is a blind vulnerability and how can it be exploited and detected?
There are times where an attacker can hack a system and yet nothing is sent back, and this is classified as a blind vulnerability. This…
Category: Mix
BUILD A RESILIENT SECURITY POSTURE WITH VULNERABILITY INTELLIGENCE AND CYBERSECURITY RATINGS
Reducing risk is the fundamental reason organizations invest in cybersecurity. The threat landscape grows and evolves, creating the need for a proactive, continual approach to…
Bypassing Cloudflare WAF with the origin server IP address
This is a guest blog post from Detectify Crowdsource hacker, Gwendal Le Coguic. This is a tutorial on how to bypass Cloudflare WAF with the…
ANNOUNCING HACK THE ARMY 3.0 RESULTS: A CONVERSATION WITH DEFENSE DIGITAL SERVICE, U.S. ARMY, AND HACK THE ARMY 3.0’S TOP HACKER
Five years after the Defense Digital Service (DDS) launched the first-ever U.S. federal government bug bounty Challenge, we’re pleased to announce the results of Hack…
Meet the Team: Emelie Andersson – Building a fast-flying sales team
Swedish west coast native Emelie Andersson moved to the other side of the country 6 years ago to pursue a career in software sales. Today…
60 Days of Insights from the DOD’s Defense Industrial Base Vulnerability Disclosure Program Pilot
In April of 2021, the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) pilot kicked off a twelve-month program to invite security researchers to hunt for…
Introducing Asset Inventory: stay on top of your web asset security
Good security starts with knowing your web assets. To enable transparency over your tech stack, we have released Asset Inventory, a new view that helps…
How Hackers Can Help Reduce Your Organization’s Application Risk on AWS
HackerOne recently hosted AWS and a panel of expert ethical hackers to discuss how Server-Side Request Forgery (SSRF) vulnerabilities and cloud misconfiguration are ripe environments for hackers to discover…
Detectify now checks for File Disclosure in SSL VPNs – Pulse Secure and Fortinet
Pulse Secure and Fortinet have announced advisories detailing a critical vulnerability found that enables an unauthenticated user to conduct file disclosure in SSL VPN. Thanks…
Citrix’s Hacker-Powered Security Growth Plan: Q&A with Abhijith Chandrashekar
With over 400,000 customers, Citrix is a recognized industry leader in both digital workspace technology and in its approach to hacker-powered security. Spearheaded by Abhijith Chandrashekar,…
How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN
Detectify Crowdsource hacker, Alyssa Herrera, is a full-time bug bounty hacker and web application security researcher who works to protect organizations. They are one of…
HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER
Developers need to bring security into their workflows without pivoting to separate security tools to get vulnerability information. HackerOne has created an integration with GitHub to streamline the process…