News
1 June 2020
Full infrastructure takeover of VMware Cloud Director (CVE-2020-3956)
How a single simple form submission can be manipulated to gain control of any Virtual Machine (VM) within VMware Cloud Director. The story of a critical vulnerability that enables a full infrastructure takeover.
4 June 2019
Security Practices in Web Application Development - OWASP TOP 10
Is there 100% error free software? Is there 100% secure software? The answer to both questions is NO, but don't panic.
24 May 2019
Intigriti XSS challenge write-up
Intigriti published a DOM XSS Challenge available at Intigriti’s bug bounty platform. The assignment was to exploit a DOM XSS vulnerability on this page and to trigger a pop up of the document.domain (challenge.intigriti.io).
17 April 2019
How to Secure Your Blockchain Project with a Smart Contract Audit
There’s no official testing standard for Smart Contracts. But that doesn’t mean you should leave your code untested. Here’s how we approach audits that go beyond checklists.
14 November 2018
Cloudflare, how to do it right and don't reveal your real IP
The goal of this blogpost is to show what needs to be done to have a secure working setup, explain why all of the countermeasures are really necessary by demonstrating the attacks that they are mitigating, to not reveal your origin IP address.
20 February 2018
MS13-105: Oracle Outside In MDB Parsing Vulnerability – CVE-2013-5791
People sometimes ask how to know what exact vulnerability was patched in particular piece of closed source software. In this blog, we would like to describe one such example from the Microsoft security bulletin.