Portable Document Format (PDF), is this secure or is it something to be suspicious about upon receiving? Jens Müller gave a convincing talk at Black Hat USA 2020, Portable Document Flaws 101, that it is something to think twice about before opening. This article will provide highlights from the insightful talk about the possible PDF-based attacks and the varying security of PDF-readers (purer viewers only and not editors).

When is hacking legal? Host and security researcher Laura Kankaala delves into this topic with guest and Detectify General Counsel Cecilia Wik. NOTE: this episode does not give any official legal advice, but Laura picks Cecilia’s brain about the legalities of hacking with her area of expertise, the law. Their discussion covers different laws concerning the information security community such as copyright law, the Computer Fraud and Abuse Act and Wire Fraud Act.

In a fast-paced tech environment, the potential attack surface increases with each release. Tech companies can no longer only safeguard themselves with a firewall alone and network monitoring. Web applications are the new perimeter that security warriors are tasked with protecting as they can introduce new entry points into the company infrastructure. We look at how you can reduce attack surfaces.

Scope-creeping doesn’t always end up in a 0-day with a CVE assigned, and this was the fortune of Detectify Crowdsource hacker, Özgür Alp. He is an ethical hacker with 7+ years experience, well certified within offensive security and also high ranked on hacker leaderboards. Here is his success story on how he, with the help of the Detectify Crowdsource team, turned an open redirect into a public disclosed vulnerability known as CVE-2020-1323.

As we are all currently confined to a life at home during the pandemic, it has become more important than ever that our favorite web applications stay fast and reliable. Many modern web applications use web caches to keep up with these demands. While this works wonders from a performance perspective, it also opens up new attack vectors. One of these new attack vectors is called Web Cache Poisoning.

STOCKHOLM — July 14th, 2020 — Detectify, the Sweden-born cybersecurity company that offers a website vulnerability scanner powered by Crowdsource – a network of ethical hackers, today announced that it has achieved the internationally recognized standard ISO/IEC 27001:2013 certification.

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

A misconfiguration is exactly what it sounds like; something that is wrongly configured. From a security perspective this can be either fairly harmless, or in the worst case devastating. We have written about misconfigurations before, both here and here. Misconfigurations may derive from many different reasons, such as: Hackers often exploit misconfigurations, since this can have a huge security impact.

We know “go hack yourself,” but what about unhack yourself? According to Laura and Tom (@TomNomNom), it means understanding how something is built and how it works, before you can know if you’ve successfully hacked it apart. There were many valuable soundbites to take from this dynamic conversation between host Laura Kankaala and guest Tom Hudson of Detectify.

It’s soon time for Summer vacation to begin, and we’ve asked our colleagues to share some of their summer learning tips for better security awareness.