Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Detectify security updates for 4 September

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.

How secure is the PDF file?

Portable Document Format (PDF), is this secure or is it something to be suspicious about upon receiving? Jens Müller gave a convincing talk at Black Hat USA 2020, Portable Document Flaws 101, that it is something to think twice about before opening. This article will provide highlights from the insightful talk about the possible PDF-based attacks and the varying security of PDF-readers (purer viewers only and not editors).

Undetected e.05: Cecilia Wik - A Lawyer's Take on Hacking

When is hacking legal? Host and security researcher Laura Kankaala delves into this topic with guest and Detectify General Counsel Cecilia Wik. NOTE: this episode does not give any official legal advice, but Laura picks Cecilia’s brain about the legalities of hacking with her area of expertise, the law. Their discussion covers different laws concerning the information security community such as copyright law, the Computer Fraud and Abuse Act and Wire Fraud Act.

How to reduce your attack surface

In a fast-paced tech environment, the potential attack surface increases with each release. Tech companies can no longer only safeguard themselves with a firewall alone and network monitoring. Web applications are the new perimeter that security warriors are tasked with protecting as they can introduce new entry points into the company infrastructure. We look at how you can reduce attack surfaces.

Crowdsource Success Story: From an Out-of-Scope Open Redirect to CVE-2020-1323

Scope-creeping doesn’t always end up in a 0-day with a CVE assigned, and this was the fortune of Detectify Crowdsource hacker, Özgür Alp. He is an ethical hacker with 7+ years experience, well certified within offensive security and also high ranked on hacker leaderboards. Here is his success story on how he, with the help of the Detectify Crowdsource team, turned an open redirect into a public disclosed vulnerability known as CVE-2020-1323.

Do you trust your cache? - Web Cache Poisoning explained

As we are all currently confined to a life at home during the pandemic, it has become more important than ever that our favorite web applications stay fast and reliable. Many modern web applications use web caches to keep up with these demands. While this works wonders from a performance perspective, it also opens up new attack vectors. One of these new attack vectors is called Web Cache Poisoning.

Detectify security updates for 13 July

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

Common security misconfigurations and remediations

A misconfiguration is exactly what it sounds like; something that is wrongly configured. From a security perspective this can be either fairly harmless, or in the worst case devastating. We have written about misconfigurations before, both here and here. Misconfigurations may derive from many different reasons, such as: Hackers often exploit misconfigurations, since this can have a huge security impact.

Undetected e.04: TomNomNom - Hacking things back together

We know “go hack yourself,” but what about unhack yourself? According to Laura and Tom (@TomNomNom), it means understanding how something is built and how it works, before you can know if you’ve successfully hacked it apart. There were many valuable soundbites to take from this dynamic conversation between host Laura Kankaala and guest Tom Hudson of Detectify.