Web Application Security | 17/June/2024
XSSi: An overview of the vulnerability in 2024
Largely overlooked by both developers and cybersecurity researchers, the vulnerability still represents a source of threat to individuals and businesses.

Web Application Security | 14/August/2023
Pickles, Shorts and Jokers: A study on Java deserialization
Explore insecure deserialization in Java applications. Learn about serialization, deserialization, magic methods, and how attackers use gadgets to cause damage. Learn about mitigation measures and the importance of restricting deserialization to protect your application against this security vulnerability.

Web Application Security | 01/March/2023
Web cache poisoning – a practical approach
The web cache poisoning vulnerability involves the possibility of using cache services to deliver malicious pages to the clients of a website.

Web Application Security | 01/September/2022
Cross-site Scripting (XSS), variants and correction
Constantly mentioned in the OWASP Top Ten, XSS makes it possible to hijack sessions, modify the application, redirect to malicious websites and more. Here we cover the concepts and how to prevent it from happening in our applications.

Web Application Security | 25/March/2022
HTTP Method Override – what it is and how a pentester can use it
How this technique can help potential attackers bypass security measures based on HTTP methods.

Web Application Security | 18/August/2021
URL Filter Subversion
How failures in validating conditions based on URLs can lead to security issues.

Web Application Security | 31/March/2021
Common problems in bad implementations of business rules and absence of data validation – Part 1
This is the first in a series of publications about security flaws in two-factor authentication implementations.

Web Application Security | 24/February/2021
SQL Injection: There was a comma halfway
How to efficiently exploit a Blind SQL Injection when the vulnerable application removes the character “,” (comma) from the request?

Web Application Security | 18/January/2021
Access Control Flaws in Web Applications
If there is a vulnerability, an attacker could compromise the application completely.

Web Application Security | 31/December/2020
Server Side Request Forgery — Attack and Defense
Also known as SSRF, this is a vulnerability that allows an attacker to make requests through a vulnerable server.

Web Application Security | 19/November/2020
A long time ago, in a web far away, the SQL Injection appeared
Understand how SQL Injection works and how to protect yourself against it.

Web Application Security | 06/November/2020
Let’s go with Cross Site Request Forgery?
According to a survey carried out by OWASP in 2013, CSRF was on the list of the 10 most common vulnerabilities found in web applications.

Web Application Security | 10/February/2020
Once upon a time an account enumeration
Identifying valid users under a variety of conditions, and ways to protect your systems from this threat.

Web Application Security | 07/January/2020
The Cypher Injection Saga
From descriptive error to BURP extension.

Web Application Security | 29/October/2019
A Burp plugin that automates failure detection in the HTML development process
The idea of creating another extension for Burp came up in one of the editions of “Na Beira do Rio”.