03 April 2018

We discovered a new Web attack vector abusing the Edge Side Include (ESI) features common in caching services and products. We will explain the conditions required for exploitation along with 3 example payloads: Cookie exfiltration, SSRF and bypassing client-side XSS filtering.

July 20, 2017

In this blog post, we discuss the basic strategy to integrate CSP into an existing website. It covers the theory and the new features of CSP Auditor.

June 30, 2017

In the last few days, we closely followed the malicious software outbreak that took control of about 12,500 devices, mostly in Ukraine and Russia, demanding a $300 ransom from the infected device’s owner. Although this new attack is fascinating, we noticed that the associated stories quickly got out of hand.

April 26, 2017

Beyond securing the infrastructure, how can one defend their applications against hackers? The answer is: the proper design of the application’s source code. There you have it: application security.