Detectify

Getting started with Detectify

Nov 13, 2018 By Detectify In Detectify

Detectify is an automated vulnerability scanner that helps you stay on top of threats by testing your web application for 1000+ vulnerabilities. Getting started with Detectify is easy - you can get up and running in a matter of minutes.

View Video

Detectify

Read more about Getting started with Detectify

Proof of Concept: CVE-2018-2894 Oracle WebLogic RCE

Nov 13, 2018 By Detectify In Detectify

A recent vulnerability was sent in to Detectify Crowdsource regarding an unauthenticated remote code execution (RCE) in Oracle WebLogic Server. It is easily exploited and this video shows the proof of concept.

View Video

Detectify

Read more about Proof of Concept: CVE-2018-2894 Oracle WebLogic RCE

Cross-Site Request Forgery (CSRF) explained

Oct 3, 2018 By Detectify In Detectify

What is CSRF and how can you fix it? Fredrik explains how CSRF is created and how it can be used to exploit a user or a website. He also provides tips on how to mitigate it.

View Video

Detectify

Read more about Cross-Site Request Forgery (CSRF) explained

Sender Policy Framework (SPF) explained

Sep 20, 2018 By Detectify In Detectify

By default emails do not have any Sender Policy Framework set. If left unattended, this leaves your company and stakeholders vulnerable to email spoofing attacks. This video explains what SPF is and what steps to take in order to configure these settings to make your email secure.

View Video

Detectify

Read more about Sender Policy Framework (SPF) explained

Cross-site scripting (XSS) explained

Sep 5, 2018 By Detectify In Detectify

What is cross-site scripting (XSS)? Detectify security researcher and co-founder Fredrik Almroth (@Almroot) explains this common web vulnerability, how can it be executed using javascript, its impact and how to fix it.

View Video

Detectify

Read more about Cross-site scripting (XSS) explained

XSS using quirky implementations of ACME http-01

Sep 4, 2018 By Frans Rosén In Detectify

TL;DR Some hosting providers implemented http-01 having one part of the challenge key reflected in the response. This resulted in a huge amount of websites being vulnerable to XSS just because of their implementation of the http-01 ACME-challenge.

Read Post

Detectify

Read more about XSS using quirky implementations of ACME http-01

Bypassing and exploiting Bucket Upload Policies and Signed URLs

Aug 2, 2018 By Frans Rosén In Detectify

TL;DR Bucket upload policies are a convenient way to upload data to a bucket directly from the client. Going through the rules in upload policies and the logic related to some file-access scenarios we show how full bucket object listings were exposed with the ability to also modify or delete existing files in the bucket.

Read Post

Detectify

Read more about Bypassing and exploiting Bucket Upload Policies and Signed URLs

Detectify | Meet the Hacker - Fredrik Nordberg Almroth

Jul 16, 2018 By Detectify In Detectify

Our second Meet The Hacker episode features none other than Fredrik Almroth, one of our founding security researchers and Head of Engineering! Some of you may know him as @almroot! At the office Fredrik is heading up our team to keep all Detectify’s users secure and our tool awesome.

View Video

Detectify

Read more about Detectify | Meet the Hacker - Fredrik Nordberg Almroth

Detectify Crowdsource | Meet the Hacker-Gerben Janssen van Doorn

Jun 14, 2018 By Detectify In Detectify

Are you interested in ethical hacking but aren’t sure where to start? A formal degree is definitely not required. We sat down with one of our top-ranked Detectify Crowdsource hackers, Gerben Janssen van Doorn, and asked him about his white-hat journey so far. In this video he shares why XSS is key for getting started and its role in keeping your web security secure.

View Video

Detectify

Read more about Detectify Crowdsource | Meet the Hacker-Gerben Janssen van Doorn

How hackers approach Magento sites | Video by Detectify

Jun 12, 2018 By Detectify In Detectify

Have you ever wondered how a hacker would analyze and attack a Magento website? We picked the brains of two ethical hackers to find out. Detectify’s security experts Linus Särud and Fredrik Almroth share their insights and tips to help you keep your Magento store safe from hackers.

View Video

Detectify

Read more about How hackers approach Magento sites | Video by Detectify

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Detectify

Getting started with Detectify

Proof of Concept: CVE-2018-2894 Oracle WebLogic RCE

Cross-Site Request Forgery (CSRF) explained

Sender Policy Framework (SPF) explained

Cross-site scripting (XSS) explained

XSS using quirky implementations of ACME http-01

Bypassing and exploiting Bucket Upload Policies and Signed URLs

Detectify | Meet the Hacker - Fredrik Nordberg Almroth

Detectify Crowdsource | Meet the Hacker-Gerben Janssen van Doorn

How hackers approach Magento sites | Video by Detectify

Monthly Archive

Follow Us