Blog
Subdomain Takeover Attacks
Written by Bar Hajby on
While not as widely recognized as other cybersecurity threats, subdomain takeover attacks have gained significant attention in recent years due to their potential to cause severe security breaches. These attacks…
Account Takeover via JWT Misconfiguration
Written by Sagiv Michael on
In the fast-evolving mobile app security world, vulnerabilities often slip under the radar, posing significant risks to users and organizations. During a recent assessment of a client’s mobile application, our…
Account Takeover via OTP Mechanism
Written by Sagiv Michael on
During a penetration test of a client’s authentication mechanisms, we uncovered a critical vulnerability that can lead to a complete account takeover of any user within the system. This finding…
LLM Prompt Injection
Written by Yuval Batan on
Large Language Models (LLMs) are a type of Artificial Intelligence (AI) that have taken the tech world by storm. These powerful models are trained on massive amounts of data, allowing…
Breaking Application Logic with Negative User Input
Written by Yuval Batan on
While delivering impressive features, the complex logic that powers modern web applications can create unforeseen security weaknesses. Even seemingly minor flaws in these systems’ underlying business logic can be exploited…
Exploiting Android Architecture
Written by Yuval Batan on
The Android operating system powers millions of smartphones worldwide, offering users a vast number of applications covering every aspect of our lives, from personal organization to online banking.…
Exploiting a File Upload Mechanism to Gain RCE
Written by Sagiv Michael on
Imagine uploading a photo to your favorite social media site, only to unknowingly grant hackers complete control over the server. This scenario, while frightening, is precisely what a Remote Code…
HTTP Security Headers
Written by Itamar Rom on
As web applications continue to adopt new and advanced technologies day by day, these technologies can sometimes introduce risks and unknowingly expose the applications to various vulnerabilities. To achieve the goal…
Insecure Randomness
Written by Eldar Zavida on
In the digital world, web security is a powerful shield protecting sensitive data and online activities. At the heart of this defense lies the concept of randomness, which is the…
Cracking JWT Vulnerabilities
Written by Yuval Batan on
JSON Web Tokens (JWTs) are a crucial and widely used part of modern web authentication and authorization systems. However, if this technology is not implemented correctly, malicious actors can exploit it…