Spotlight on the Server-Side | HackerOne
Server-side request forgery (or SSRF) vulnerabilities can lead to total system compromise and allow access to an organization’s internal or cloud infrastructure if exploited. Today,…
Latest Cybersecurity News — Page 5770
View all →
HTTP response splitting exploitations and mitigations – Detectify Blog
HTTP Response Splitting is a type of attack that occurs when an attacker can manipulate the response headers that will be interpreted by the client.…
MICROSOFT SAYS: RUSSIAN SOLARWINDS HACKERS HIT U.S. GOVERNMENT AGENCIES AGAIN
According to the New York Times, Microsoft says the state-backed Russian hacker group Nobelium—the same actor behind the 2020 SolarWinds attacks—took control of the State…
Lerhan: Bypassing IDOR protection with URL shorteners
Xavier Blasco (a.k.a Lerhan) is a 23-year old security researcher on the Detectify Crowdsource Platform. He’s passionate about security and found a way in through…
HOW DIGITAL TRANSFORMATION CHANGES AN ORGANIZATION’S SECURITY CHALLENGES
Last week, HackerOne joined WhiteSource, AWS, and IGT for a roundtable discussion about the new security challenges of digital transformation. Both existing organizations making the digital shift and…
Content Security Policy (CSP) explained including common bypasses
We have written about Content Security Policy (CSP) on Detectify Labs before. But maybe you’re wondering why should you have it on your site to…
Enhance Employee Productivity by Adopting a Modern Approach to Password Security
By Joshua Parsons, Product Marketing Manager at Enzoic For decades, enterprise security measures and employee productivity were seemingly at odds. In fact, 37% of respondents…
Complexity is Still the Enemy of Security
Ease of Use, Ease of Integration Encourages Data Protection By Gregory Hoffer, CEO of Coviant Software In 1999 noted cybersecurity expert Bruce Schneier wrote in…
HACK HARD. HAVE FUN. INCREASE SECURITY
Amazon’s Live Hacking Event with HackerOne At Amazon, ensuring security is essential for earning customers’ trust. As part of Amazon’s ongoing public Vulnerability Research Program (VRP),…
What is a blind vulnerability and how can it be exploited and detected?
There are times where an attacker can hack a system and yet nothing is sent back, and this is classified as a blind vulnerability. This…
BUILD A RESILIENT SECURITY POSTURE WITH VULNERABILITY INTELLIGENCE AND CYBERSECURITY RATINGS
Reducing risk is the fundamental reason organizations invest in cybersecurity. The threat landscape grows and evolves, creating the need for a proactive, continual approach to…
Bypassing Cloudflare WAF with the origin server IP address
This is a guest blog post from Detectify Crowdsource hacker, Gwendal Le Coguic. This is a tutorial on how to bypass Cloudflare WAF with the…