22 March

In this blog post, a new approach to scanning for deserialization bugs using DNS exfiltration is presented. Along with the explanations, a scanning tool is released that could help both the defensive and the auditing teams in your enterprise.

October 17, 2016

Last week, a new version of Find Security Bugs (FSB), a FindBugs extension, was released.

In this post, we will present the most recent improvements and some project announcements.

October 12, 2016

Our old blog has officially migrated to its new home on our website! Our previous blog will redirect you here automatically.

Remember to update your bookmarks.

June 28, 2016

Content Security Policy (CSP) is an HTTP header that instructs the browser to limit the loading of media, stylesheets and scripts.

As you may know, CSP has not yet been widely adopted by industry. Multiple surveys have already been made about the adoption of this security header [1] [2] [3]. Even so, that does not mean we cannot prepare ourselves for the technology. For this purpose, we have built a Burp and ZAP extension called CSP Auditor to automate the most common validations.