A misconfiguration is exactly what it sounds like; something that is wrongly configured. From a security perspective this can be either fairly harmless, or in the worst case devastating. We have written about misconfigurations before, both here and here. Misconfigurations may derive from many different reasons, such as: Hackers often exploit misconfigurations, since this can have a huge security impact.

We know “go hack yourself,” but what about unhack yourself? According to Laura and Tom (@TomNomNom), it means understanding how something is built and how it works, before you can know if you’ve successfully hacked it apart. There were many valuable soundbites to take from this dynamic conversation between host Laura Kankaala and guest Tom Hudson of Detectify.

It’s soon time for Summer vacation to begin, and we’ve asked our colleagues to share some of their summer learning tips for better security awareness.

How does Detectify Crowdsource get the most skilled ethical hackers of the world to come together and have as broad an impact as possible? The answer – a bug bounty program, but not in the traditional way. I am Carolin Solskär, Detectify Crowdsource Community Manager and I work closely with our ethical hackers to make sure we maintain an awesome experience for all our members with the shared goal to make the Internet more secure.

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

HTTP request smuggling is increasingly exploited by hackers in the wild and in bug bounty programs. This post will explain the HTTP request smuggling attack with remediation tips. HTTP request smuggling is an attack technique that abuses how two HTTP devices send requests between each other (typically a front-end proxy or a HTTP-enabled firewall and a backend server) or chaining multiple servers together with different configurations.

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

Bug bounties – some argue that this is one of the buzzwords of the decade in the cybersecurity industry. Whatever you want to label it, it’s a trend that we can’t ignore these days. A lot of companies are taking part in it, so what’s it all about? There were many valuable soundbites to take from this, and especially from podcast guest, Fredrik N. Almroth (@almroot) because he’s hacked all the tech giants and more. If you can name it, he’s probably hacked it.

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.