Web Cache Entanglement – Novel Pathways to Poisoning
Each year we anticipate new research from James Kettle at the annual Black Hat USA event and he’s become known for his web cache research.…
What Is a Vulnerability Disclosure? During a vulnerability disclosure, individuals report security weaknesses in computer systems to the organization. Disclosures can be contentious; some organizations…
25 minutes. That’s how long it took to bring high severity security vulnerabilities to Detectify Asset Monitoring customers from the moment they were discovered. On…
Six months into the 12-month pilot with the Department of Defense’s Defense Industrial Base Vulnerability Disclosure Pilot (DOD DIB-VDP Pilot), HackerOne sat down with key…
Nginx is the web server powering one-third of all websites in the world. Detectify Crowdsource has detected some common Nginx misconfigurations that, if left unchecked,…
If you’ve heard of HackerOne, then you’ve heard about our Live Hacking Events. For years, we’ve been bringing together the brightest minds in security to…
Summary A reflected cross-site scripting vulnerability can be exploited without any authentication in affected versions of cPanel. The XSS vulnerability is exploitable regardless of whether…
At HackerOne’s 2021 Security@ conference, two experienced HackerOne program managers, Allie Lugton and Denzel Duncan, held a session on tracking and interpreting data from bug…
With online retailers and shoppers busy focusing on the upcoming holiday shopping season, cybercriminals are on the hunt for unsuspecting victims to defraud. Don’t worry;…
cPanel is a web hosting control panel software that is deployed widely across the internet. To be exact, there are about 1.4 million installations of…
What Are the Key Differences between Bug Bounty and VDPs? A VDP is a structured method for third parties, researchers, and ethical hackers to report…
Have the WAF security companies got you thinking that a firewall is enough? In a modern landscape, development and security move faster, and so do…